Web Application Firewall

From OWASP
Revision as of 17:16, 18 October 2016 by Jtpereyda (talk | contribs) (Description: Adding clarifying info comparing with proxies and reverse proxies. Source: http://security.stackexchange.com/a/93847/5997)

Jump to: navigation, search

Description

A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection.

A WAF differs from a proxy in that proxies protect clients, while WAFs protect servers. A WAF is deployed to protect a specific web application or set of web applications. A WAF can be considered a reverse proxy.

WAFs may be customized to an application. The effort to perform this customization can be significant and needs to be maintained as the application is modified.


A far more detailed description is available at Wikipedia.

OWASP Projects

References