A WAF inspects HTTP/HTTPS traffic to block web attacks such as SQLi, XSS, CSRF and path traversal. Deployed in front of web applications at Layer 7.
A WAF is not a replacement for secure coding; it is a compensating control. The OWASP ModSecurity Core Rule Set (CRS) provides baseline protection. Run the WAF in detection mode first, then switch to blocking mode after tuning. A WAF that blocks legitimate requests hurts the business, so tune carefully.
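The staged rollout described above (detect, tune, then block) as an added ModSecurity/CRS configuration example for Apache httpd; it is not from the original notes. The file paths, the `comment` request parameter and the choice of rule 942100 (the CRS libinjection SQLi rule) as the false-positive to tune are assumptions for illustration.

```apache
# Staged ModSecurity + CRS deployment (Apache httpd). Constructed example;
# paths and the tuned rule/parameter are assumptions.

# Phase 1: observe only. Rules still match and are logged, nothing is blocked.
SecRuleEngine DetectionOnly
SecAuditEngine RelevantOnly
SecAuditLogParts ABIJDEFHZ
SecAuditLog /var/log/apache2/modsec_audit.log

# Baseline protection from the OWASP Core Rule Set.
Include /etc/modsecurity/crs/crs-setup.conf
Include /etc/modsecurity/crs/rules/*.conf

# Tuning: after reviewing the audit log, exclude a confirmed false positive
# as narrowly as possible (one rule, one parameter) rather than disabling
# the rule or lowering the paranoia level globally. Here the free-text
# "comment" field of the example application trips rule 942100 on
# legitimate input, so only that target is removed from that rule.
# Must come after the CRS Include so the rule id is already defined.
SecRuleUpdateTargetById 942100 "!ARGS:comment"

# Phase 2: once the audit log shows no unexplained hits on legitimate
# traffic, flip the engine to blocking. Only this directive changes.
# SecRuleEngine On
```

Because the directive order matters, the exclusion stays below the CRS includes and the single `SecRuleEngine` line is the only thing that differs between the two phases.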