An application firewall is a type of firewall that governs traffic to, from, or by an application or service.
Application firewalls, or application layer firewalls, apply a set of configured policies to decide whether to allow or block communications to or from an application.
Traditional network firewalls make their decisions from packet headers: source and destination addresses, ports, and protocol. They can see that a client is talking to port 443; they cannot see what it is saying. An application firewall works at the application layer and inspects the content of the exchange itself, for example the method, URL, headers, cookies, and body of an HTTP request, and enforces policy on what a specific application may send or receive. A host-based application firewall can additionally restrict which programs on the host are allowed to open or accept connections. This adds a layer of defense that a packet filter cannot provide: an intruder who has reached the network or server still has to get a malicious request past the application firewall's inspection. It is a filtering layer, not a guarantee, and not a substitute for fixing the application's own flaws.
Application firewalls can be active or passive.
Active – Active application firewalls inspect every incoming request, including the message body, against rule sets that describe known attack patterns such as SQL injection, parameter and cookie tampering, and cross-site scripting. Only requests deemed clean are forwarded to the application. Because they sit in-line and block, a poorly tuned rule set produces false positives that break legitimate traffic.
Passive – Passive application firewalls behave like an intrusion detection system (IDS): they inspect the same requests against the same rule sets, but when a potential attack is found they only log or alert; the request is still forwarded to the application. This detection-only mode is commonly used to tune rules against real traffic before switching to active enforcement.
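The following is an added example, not code from the original page or from any firewall product. It models in Python the contrast drawn above: a packet filter that only sees addresses and ports, and an application-layer filter that decodes and inspects the HTTP request itself, run either in active (blocking) or passive (detect-only) mode. The rule patterns, the `Request` type, and the sample requests are all constructed for illustration; real rule sets (such as the OWASP Core Rule Set) are far larger and are tuned per application.

```python
"""Toy application-layer request filter (illustrative, not a real WAF)."""
import re
from dataclasses import dataclass, field
from urllib.parse import unquote_plus

ALLOWED_PORTS = frozenset({80, 443})


@dataclass
class Request:
    """Minimal model of one HTTP request as the firewall sees it (constructed)."""
    src_ip: str
    dst_port: int
    method: str
    path: str
    query: str = ""
    body: str = ""
    cookies: dict = field(default_factory=dict)


# Illustrative signatures for two attack classes named in the text.
# Each rule is (name, compiled pattern); a real rule set is much larger.
RULES = [
    ("sqli", re.compile(
        r"(?i)(\bunion\b.+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+|--\s*$|;\s*drop\s+table)")),
    ("xss", re.compile(r"(?i)(<\s*script\b|javascript:|\bon\w+\s*=)")),
]


def packet_filter(req: Request) -> bool:
    """A traditional firewall decision: header fields only, no content."""
    return req.dst_port in ALLOWED_PORTS


def normalize(value: str) -> str:
    """Decode URL encoding twice so %2527 -> %27 -> ' is seen by the rules.
    Real WAFs apply many more transformations (HTML entities, Unicode, ...)."""
    for _ in range(2):
        value = unquote_plus(value)
    return value


def inspect(req: Request, rules=RULES) -> list:
    """Run every rule over every inspected field; return (rule, field) matches."""
    fields = {"path": req.path, "query": req.query, "body": req.body}
    for name, val in req.cookies.items():
        fields[f"cookie:{name}"] = val
    matches = []
    for field_name, raw in fields.items():
        decoded = normalize(raw)
        for rule_name, pattern in rules:
            if pattern.search(decoded):
                matches.append((rule_name, field_name))
    return matches


def app_firewall(req: Request, mode: str = "active", rules=RULES):
    """Return (forwarded, alerts). Active mode blocks on any match;
    passive mode always forwards but still reports the alerts, like an IDS."""
    alerts = inspect(req, rules)
    if mode == "active":
        return (not alerts, alerts)
    return (True, alerts)


def demo() -> dict:
    """Constructed sample traffic: all three requests arrive on port 443,
    so the packet filter passes all of them; only content inspection differs."""
    samples = {
        "benign": Request("198.51.100.7", 443, "POST", "/login",
                          body="user=alice&pw=s3cret"),
        "sqli": Request("203.0.113.9", 443, "GET", "/account",
                        query="id=1%27+OR+%271%27%3D%271"),
        "xss_cookie": Request("203.0.113.9", 443, "GET", "/",
                              cookies={"theme": "%3Cscript%3Ealert(1)%3C%2Fscript%3E"}),
    }
    results = {}
    for label, req in samples.items():
        results[label] = {
            "packet_filter": packet_filter(req),
            "active": app_firewall(req, "active")[0],
            "passive": app_firewall(req, "passive"),
        }
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

Note that the benign login is forwarded in both modes, the packet filter never rejects anything because every request uses an allowed port, and in passive mode the injected cookie is forwarded but still produces an alert; that alert list is what an operator reviews before turning the rule set active.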
Application firewall rule sets are generally updateable remotely, so a rule that blocks exploitation of a newly disclosed vulnerability (often called a virtual patch) can be deployed in hours, well before the application's own code can be fixed, tested and released. This makes the firewall's protection more current than security-specific code inside the application, which is bound to the longer development and testing cycles of the application itself. It buys time rather than removing the flaw: signature-based rules can often be evaded by encoding or restructuring the malicious input, so the code fix should still follow.
Today the most common form is the web application firewall (WAF), which filters, monitors, and blocks HTTP and HTTPS traffic to and from a web application specifically. To inspect HTTPS traffic a WAF must terminate TLS itself or be given the server's keys; otherwise it sees only encrypted bytes.