A WAF (Web Application Firewall) is a set of software monitors and filters that protects web applications by analyzing and filtering incoming traffic. A WAF is deployed as an overlay, i.e. it is not embedded in the application but sits in front of it as a separate component.
In theory, any application can implement its own protection mechanisms, but building and maintaining them requires additional cost and resources. In practice, it is much easier for developers to delegate this part of security to a firewall.
There are three models of WAF operation:
- Negative: filtering based on the “blacklist” principle. It filters out traffic of a certain type specified in the firewall settings.
- Positive: allows only the type of traffic permitted by the firewall settings.
- Hybrid: a positive model supplemented with rules that additionally prohibit traffic with certain content or characteristics.
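As an added illustration (not part of the original text), the three models applied to constructed requests for a hypothetical shop application; the rule sets, endpoints and sample requests below are assumptions, not rules from any real WAF product.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    method: str
    path: str
    query: str  # raw query string, e.g. "page=2"


# Negative model (constructed blocklist): signatures that must not appear
# anywhere in the request line. Anything not matching a signature passes.
BLOCKLIST = [
    re.compile(r"\.\./"),          # parent-directory traversal sequence
    re.compile(r"<script", re.I),  # inline script tag in a parameter
]

# Positive model (constructed allowlist): the only (method, path, query)
# shapes the hypothetical application is known to serve. Anything else is blocked.
ALLOWLIST = [
    ("GET", re.compile(r"^/products/?$"), re.compile(r"^(page=\d{1,3})?$")),
    ("GET", re.compile(r"^/products/\d+$"), re.compile(r"^$")),
    ("GET", re.compile(r"^/search$"), re.compile(r"^q=[^&]{1,50}$")),  # free text
]


def negative_model(req: Request) -> bool:
    """Allow everything except requests matching a blocklist signature."""
    line = f"{req.method} {req.path}?{req.query}"
    return not any(sig.search(line) for sig in BLOCKLIST)


def positive_model(req: Request) -> bool:
    """Allow only requests whose method, path and query fit a known profile."""
    return any(
        req.method == m and path_re.match(req.path) and query_re.match(req.query)
        for m, path_re, query_re in ALLOWLIST
    )


def hybrid_model(req: Request) -> bool:
    """Positive profile first, then blocklist rules on whatever the profile admits."""
    return positive_model(req) and negative_model(req)


if __name__ == "__main__":
    # Constructed samples: a known shape, an unknown endpoint, and a known
    # shape whose free-text parameter carries a blocklisted pattern.
    for r in (Request("GET", "/products", "page=2"),
              Request("GET", "/admin/export", ""),
              Request("GET", "/search", "q=<script>x")):
        print(r.path, negative_model(r), positive_model(r), hybrid_model(r))
```

The unknown endpoint shows the gap in the negative model (it passes, since no signature matches), while the search request shows why the hybrid model exists: the positive profile admits free text, and only the added blocklist layer stops the offending value.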
A WAF is not an absolute defense and is most often deployed in a network alongside other security tools, such as incident monitoring systems or anti-fraud services.