Reblaze Wiki

WAF

What is a WAF?

A WAF monitors and filters traffic to and from a web application. Incoming traffic consists of legitimate user requests and requests from threat actors. A WAF identifies and blocks the latter, while allowing the legitimate requests to pass through.

What is a next-generation WAF?

As the name implies, a next-gen (or “nxgen”) WAF is the newest and most powerful form of a web application firewall. WAFs have evolved considerably in the last two decades. They have gained substantial power in a number of different categories, as discussed below.

How Does a WAF Work?

WAFs analyze and scrub traffic by enforcing rulesets against the requests. Traditional WAFs were based on a negative security model. The WAF allowed all incoming requests, unless they matched predefined threat signatures, or otherwise violated a security rule.

What is OWASP Top 10?

The OWASP Top 10 is one of OWASP's most popular projects: a list of the top 10 threats that modern web applications must protect against. It is meant to raise awareness among developers and executives about the most critical security risks.

What is Web Application Security?

Web application security is the process of protecting web applications from Internet threats. Traditionally, this is provided by a WAF: a web application firewall. (For more information, see What is a web application firewall? and How does a WAF work?)