Web application security describes security methods applied to Web servers, Web applications, and application users. Examples of Web applications include online banks, shopping sites, auction sites, and Web-hosted e-mail. Examples of Web application security include authenticating user access to an online bank, protecting and validating cookies used by an auction site to maintain user state and privacy, or validating all user-supplied input before it's processed by the Web application. Since Web applications reside in the application layer, the terms "application security" or "application firewall" are typically used interchangeably with Web application security.
One way to protect Web applications from security holes is by using an application firewall with Web application threat detection. The F5 BIG-IP® Application Security Manager provides comprehensive network- and application-layer protection from generalized and targeted attacks by understanding the user interaction with the application. Using both a negative security model (signature matching for known attack patterns) and a positive security model (allowing only known traffic and data patterns), Application Security Manager protects critical Web applications from attacks such as cross-site scripting, SQL injection, and cookie poisoning.
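The difference between the two models described above, as an added example that is not F5 code and does not reflect how Application Security Manager is implemented: the negative model only catches input that matches a known signature, while the positive model also rejects input that is merely outside the expected shape. The `/transfer` endpoint, its parameters, the signature list and the sample requests are all constructed for illustration.

```python
import re

# Negative model: known-bad signatures (constructed, deliberately tiny list).
SIGNATURES = {
    "xss": re.compile(r"<\s*script\b", re.I),
    "sqli": re.compile(r"'\s*or\s+\d+\s*=\s*\d+", re.I),
}

# Positive model: allowlist of parameter names and value formats
# (hypothetical policy for a constructed /transfer endpoint).
POLICY = {
    "/transfer": {
        "account": re.compile(r"\d{8}"),
        "amount": re.compile(r"\d{1,6}(\.\d{2})?"),
    }
}

def negative_check(params):
    """Return the names of signatures matching any parameter value."""
    return sorted(name for name, rx in SIGNATURES.items()
                  if any(rx.search(v) for v in params.values()))

def positive_check(path, params):
    """Return policy violations; an empty list means the request fits."""
    rules = POLICY.get(path)
    if rules is None:
        return [f"unknown path {path}"]
    problems = [f"unexpected parameter {k}" for k in params if k not in rules]
    problems += [f"missing parameter {k}" for k in rules if k not in params]
    problems += [f"bad format for {k}" for k, rx in rules.items()
                 if k in params and not rx.fullmatch(params[k])]
    return problems

def decide(path, params):
    """Apply the negative model first, then the positive model."""
    hits = negative_check(params)
    if hits:
        return "block", [f"signature {h}" for h in hits]
    problems = positive_check(path, params)
    return ("block", problems) if problems else ("allow", [])

# Constructed sample requests.
SAMPLES = [
    ("/transfer", {"account": "12345678", "amount": "250.00"}),
    ("/transfer", {"account": "12345678", "amount": "1' OR 1=1"}),
    ("/transfer", {"account": "12345678", "amount": "-250.00"}),
    ("/transfer", {"account": "12345678", "amount": "250.00", "role": "admin"}),
]
```

The third and fourth samples match no signature, so a signature-only filter would pass them; only the allowlist policy rejects the negative amount and the unexpected `role` parameter.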