GLOSSARY  /  Web Application Firewall (WAF)

What is Web Application Firewall (WAF)?

A filter that inspects HTTP traffic to block web attacks like SQL injection and XSS.

A WAF sits in front of web apps and applies rules (e.g., OWASP Core Rule Set) to detect and block malicious requests. It is a useful layer but can be bypassed and does not replace secure coding.

Cloud WAFs also provide DDoS and bot protection.

Related free tools

Related terms

Part of the Ciphers Security glossary. Free reference for analysts, defenders & learners.