What is a Web Application Firewall

(To Alessandro Rugolo)

Un Web Application Firewall, WAF for friends, is a security application that protects web applications from malicious attacks and unwanted internet traffic. We are talking about devices that already have their own history.

At the beginning i firewall they were responsible for protecting network resources, servers, databases, file servers, then with the development of the web it became increasingly important to protect one's web applications and this determined, at the beginning of 2000, the development of web application firewall.  

But let's see in more detail what a WAF does.

1 - analyze incoming and outgoing web traffic to detect and block any cyber attacks, such as injection attacks, cross-site scripting (XSS), SQL injection and other types of threats;

2 - protects and detects the presence of web application vulnerabilities, such as programming or configuration errors that could be exploited by hackers to compromise the security of the application.

3 - manages and controls authorized user access, ensuring that only those with the appropriate rights can access and interact with the web application. It is generally capable of distinguishing between a human user and an automatic tool and reacting appropriately to the adversary's actions.

Of course there are WAFs and WAFs, each product is slightly different from the other and can perform additional functions. 

It must be said that the WAF is a tool that it must be included in a more complete security structure as it is specialized for web applications but it is not suitable for anything else.

Today there are WAFs that make use of Artificial Intelligence to perform their functions better and above all faster.

If we look at the world market, among the most popular are the solutions of Akamai (USA), Radware (USA), Cloudflare (USA), F5 (USA), Barracuda networks (USA) and of course the big brands such as AWS, Microsoft and Google, let's say that the market is practically in the hands of the USA.

But what if we wanted to find a European or, better yet, Italian product?

There are various products: we could turn to the French one .OGO or maybe Italian Pluribus One, these are personal choices.

What is certain is that, if you have to manage the security of a company that works with the web on a daily basis, it is You should consider adding a WAF product in its security portfolio.

To learn more:

- https://www.oracle.com/uk/security/cloud-security/what-is-waf/

- https://www.akamai.com/it/glossary/what-is-a-waf

- https://www.checkpoint.com/it/cyber-hub/cloud-security/what-is-web-appli...

- https://www.ogosecurity.com/

- https://seerbox.it/