What's in a WAF?

Need a 101 lesson on Web application firewalls? Here's your crib sheet on what a WAF is, how it works, and what to look for when you're in the market for a new solution.

Spring chickens they're not, but Web application firewalls (WAFs) are surging in popularity as more industries connect critical business functions to the Internet — and attackers inevitably follow.  


So what exactly is a WAF, and what are the tool's benefits and drawbacks?  


What a WAF Is

"A WAF has two primary uses: visibility into incoming malicious HTTP(S) attack traffic [and] the ability to fend off attacks, especially where a Web application is known to be vulnerable, until the underlying code can be properly fixed," says Jeremiah Grossman, CEO of Bit Discovery and founder of WhiteHat Security.


Traditionally, WAFs have existed in the form of physical or virtual appliances, and "increasingly are delivered from the cloud, as a service (cloud WAF service)," according to Gartner.


What a WAF Isn’t

"WAFs cannot 'fix' Web application vulnerabilities," Grossman says. "It can only shield them."


Further, a WAF product might perform a wider variety of tasks than described above — but it might not.


As Eric Parizo, senior analyst at Ovum, explains, WAF vendors have begun to wrap in capabilities often provided by other tools, like runtime application security, anti-bot protections, anti-DDoS services, and API abuse preventio ..
