Web Application Firewall

= Description =

A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection.

A WAF differs from a proxy in that proxies protect clients, while WAFs protect servers. A WAF is deployed to protect a specific web application or set of web applications. A WAF can be considered a reverse proxy.

WAFs may be customized to an application. This customization can take significant effort, and it must be maintained as the application is modified.
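
The two kinds of rule described above, as an added example (not OWASP or ModSecurity code): generic patterns applied to every request, plus a profile customized to one application. The patterns, the `/orders` path, its parameters and the `inspect` and `with_param` helpers are constructed for illustration; production rule sets are far more thorough.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Generic rules, applied to every parameter of every request.
# Simplified patterns constructed for this example, not taken from the CRS.
GENERIC_RULES = [
    ("xss", re.compile(r"<\s*script\b|\bon\w+\s*=", re.I)),
    ("sqli", re.compile(r"\bunion\b.+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
]

# Application-specific profile for a hypothetical application:
# path -> {parameter name: pattern the whole value must match}.
APP_PROFILE = {
    "/orders": {"id": re.compile(r"\d{1,10}"), "sort": re.compile(r"asc|desc")},
}


def with_param(profile, path, name, pattern):
    """Return a copy of the profile that also accepts `name` on `path`."""
    updated = {p: dict(params) for p, params in profile.items()}
    updated.setdefault(path, {})[name] = re.compile(pattern)
    return updated


def inspect(url, profile=APP_PROFILE):
    """Return (verdict, reason) for the query string of a request URL."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)  # percent-decodes
    for name, value in params:
        for rule_id, pattern in GENERIC_RULES:
            if pattern.search(value):
                return ("block", f"generic:{rule_id}:{name}")
    allowed = profile.get(parts.path)
    if allowed is None:  # no profile for this path: generic rules only
        return ("allow", "")
    for name, value in params:
        if name not in allowed:
            return ("block", f"profile:unknown-param:{name}")
        if not allowed[name].fullmatch(value):
            return ("block", f"profile:bad-value:{name}")
    return ("allow", "")


if __name__ == "__main__":
    # Constructed sample requests.
    for url in ["/orders?id=42&sort=asc",
                "/search?q=%3Cscript%3Ealert(1)%3C/script%3E",
                "/orders?id=42&sort=asc&page=2"]:
        print(url, "->", inspect(url))
```

The third request shows the maintenance cost: once the application gains a `page` parameter, legitimate traffic is blocked until the profile is updated, for example with `with_param(APP_PROFILE, "/orders", "page", r"\d{1,4}")`.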

A far more detailed description is available at Wikipedia.

= OWASP Projects =


 * The OWASP ModSecurity CRS Project's goal is to provide an easily "pluggable" set of generic attack detection rules that provide a base level of protection for any web application.
 * Consider the Web Application Firewall Evaluation Criteria Project (WAFEC) to help evaluate commercial and open source web application firewalls.

= References =
 * https://en.wikipedia.org/wiki/Application_firewall