Gamified Intelligent Cyber Aptitude and Skills Training (GICAST)
Gamified Intelligent Cyber Aptitude and Skills Training (GICAST)

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

3.3 Web Application Firewall (WAF)

This section is part of the amber and green pathways.

A web application firewall is a device dedicated to protecting a web server. On the network, it is placed such that all traffic first passes through the WAF and then reaches the web server. A WAF is quite different from a firewall, an IDS, or an IPS, as noted in Table 3. The IPS inspects all data traffic that attempts to enter or leave the network, while the WAF inspects only the web data traffic. The traffic is inspected for specific types of attack on web servers as well as presence of malware in the content accessed/downloaded from other sites.

Table 3 WAF vs. IPS
Web Application Firewall (WAF)IPS
Where in the network?Placed in front of the web server. It could also be integrated into the web server, for lower loadsBetween the firewall and the router connecting to the internet
Primary functionInspect application data traffic (web data traffic) and the content to protect against web-specific attacksInspects the data traffic and blocks suspicious data traffic from reaching the firewall
Protection againstSQL injection, Cross Site Scripting, session manipulation attacks, javascript-based attacksCovers attacks against all components of a networked device – the OS (Windows, MacOS, Linux) and the applications on it (WWW, email, file sharing, etc.)

In cases where the web traffic is small, the WAF – a piece of software – is integrated on to the web server itself. In cases where there is a substantial amount of web data traffic, a dedicated appliance is used as a WAF.

Please complete Quick poll #19 [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)]   now.

Open the poll in a new window or tab then come back here when you’re done.

Next, you’ll have the opportunity to review your learning in the end-of-week practice quiz.

Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information.

Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371