A web application firewall, or WAF, filters, monitors, and blocks HTTP/S traffic to and from a web application to protect against malicious attempts to compromise the system or exfiltrate data.
By inspecting HTTP/S traffic, a WAF can prevent web application attacks such as cross-site scripting (XSS), SQL injection, and cookie poisoning, among others. WAFs have become an industry standard in application security.
WAFs come as software, as a service, or as an appliance, and contain policies customized for an application or set of applications. You'll need to update the policies regularly, though advances are being made that enable some WAFs to update automatically. Automatic updating is becoming the safest option as the threat landscape continues to grow in complexity and ambiguity.
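To make the idea of a per-application policy concrete, here is an added sketch (not code from this page or from any WAF product) that inspects a request against one policy covering the three attacks named above. The policy layout, the `role` cookie, the key and the two signature patterns are assumptions made for illustration; production rule sets are much larger and normalise input far more thoroughly.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed per-application policy (hypothetical names, deliberately small rule set).
POLICY = {
    "cookie_key": b"constructed-demo-key",
    "signed_cookies": {"role"},
    "rules": [
        ("xss", re.compile(r"<\s*script\b|\bon\w+\s*=|javascript:", re.I)),
        ("sqli", re.compile(r"'\s*(or|and)\b.+?=|\bunion\b.+\bselect\b", re.I)),
    ],
}

def sign_cookie(value, key):  # what the application would set: value.HMAC-SHA256
    tag = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"

def cookie_intact(signed, key):
    value = signed.rpartition(".")[0]
    return bool(value) and hmac.compare_digest(signed.encode(), sign_cookie(value, key).encode())

def inspect_request(url, cookies, policy=POLICY):
    """Return (action, reasons) for one request; action is 'allow' or 'block'."""
    reasons = []
    # parse_qsl percent-decodes, so encoded payloads are matched in decoded form.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for label, pattern in policy["rules"]:
            if pattern.search(value):
                reasons.append(f"{label}:{name}")
    for name in cookies.keys() & policy["signed_cookies"]:
        if not cookie_intact(cookies[name], policy["cookie_key"]):
            reasons.append(f"cookie_poisoning:{name}")
    return ("block" if reasons else "allow"), reasons

# Constructed sample requests: benign, XSS, SQL injection, tampered cookie value.
GOOD_COOKIE = {"role": sign_cookie("user", POLICY["cookie_key"])}
SAMPLES = [
    ("/search?q=waf+basics", GOOD_COOKIE),
    ("/search?q=%3Cscript%3Ealert(1)%3C/script%3E", GOOD_COOKIE),
    ("/item?id=1%27%20OR%20%271%27=%271", GOOD_COOKIE),
    ("/account", {"role": "admin." + GOOD_COOKIE["role"].split(".")[1]}),
]

if __name__ == "__main__":
    for url, cookies in SAMPLES:
        print(url, inspect_request(url, cookies))
```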