Security Glossary

Definition

WAF

What is a Web Application Firewall?

A security control that monitors, filters, and blocks HTTP/HTTPS traffic between clients and a web application based on rule sets designed to detect common attack patterns. WAFs can mitigate attacks such as SQL injection, XSS, and CSRF, and are often deployed in front of public-facing applications as an additional protective layer. WAFs are not a substitute for secure application code and can frequently be bypassed by attackers using obfuscation, encoding variations, or logic-based techniques.
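The sketch below is an added example, not code from this glossary or from any WAF product. It uses a toy single-rule filter (the rule, sample values and function names are constructed for illustration) to show why rule matching has to canonicalize input before comparing it, and why a parameterized query in the application is still the actual fix.

```python
import re
import sqlite3
from urllib.parse import unquote_plus

# Toy signature, constructed for this example; production rule sets are far larger.
RULE = re.compile(r"'\s*or\s+\d+\s*=\s*\d+", re.IGNORECASE)

# Constructed sample parameter values.
SAMPLES = {
    "benign": "alice",
    "raw": "x' OR 1=1",
    "double_encoded": "x%2527%2520OR%25201%253D1",
}

def canonicalize(value: str, max_rounds: int = 5) -> str:
    """Percent-decode until the value stops changing, then collapse whitespace."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"\s+", " ", value)

def naive_match(value: str) -> bool:
    """Rule applied to the value exactly as received."""
    return bool(RULE.search(value))

def normalized_match(value: str) -> bool:
    """Rule applied after canonicalization, closer to what the application sees."""
    return bool(RULE.search(canonicalize(value)))

def make_db() -> sqlite3.Connection:
    """In-memory database with one constructed user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice')")
    return conn

def lookup_user(conn: sqlite3.Connection, name: str) -> list:
    """Parameterized query: the value is bound as data whatever the filter decided."""
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    for label, value in SAMPLES.items():
        print(label, naive_match(value), normalized_match(value),
              lookup_user(conn, canonicalize(value)))
```

The double-encoded sample passes the naive check and is caught only after canonicalization, while the parameterized lookup returns no rows for it in either case.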
