Gamified Intelligent Cyber Aptitude and Skills Training (GICAST)

3.3 Web Application Firewall (WAF)

This section is part of the amber and green pathways.

A web application firewall (WAF) is a device dedicated to protecting a web server. It is placed on the network so that all traffic passes through the WAF before it reaches the web server. A WAF is quite different from a firewall, an IDS, or an IPS, as noted in Table 3. The IPS inspects all data traffic that attempts to enter or leave the network, while the WAF inspects only the web data traffic. This traffic is inspected for specific types of attack on web servers, as well as for the presence of malware in content accessed or downloaded from other sites.

Table 3 WAF vs. IPS

| | Web Application Firewall (WAF) | IPS |
|---|---|---|
| Where in the network? | Placed in front of the web server. It could also be integrated into the web server, for lower loads | Between the firewall and the router connecting to the internet |
| Primary function | Inspects application data traffic (web data traffic) and the content to protect against web-specific attacks | Inspects the data traffic and blocks suspicious data traffic from reaching the firewall |
| Protection against | SQL injection, Cross Site Scripting, session manipulation attacks, JavaScript-based attacks | Covers attacks against all components of a networked device – the OS (Windows, MacOS, Linux) and the applications on it (WWW, email, file sharing, etc.) |

Where the volume of web traffic is small, the WAF – a piece of software – is integrated into the web server itself. Where there is a substantial amount of web data traffic, a dedicated appliance is used as a WAF.
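
An added example, not part of the course material, of the kind of inspection a WAF applies to web traffic: it parses one HTTP request, URL-decodes each parameter, and matches it against signatures for two of the attack types in Table 3. The rule patterns, function names and sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Illustrative signatures (assumed for this example); real rule sets are far larger.
RULES = {
    "sql_injection": re.compile(r"['\"]\s*(?:or|and)\s+['\"\w]+\s*=|\bunion\s+select\b", re.I),
    "cross_site_scripting": re.compile(r"<\s*script\b|javascript\s*:", re.I),
}

def normalise(value, rounds=2):
    """URL-decode repeatedly so an encoded payload is matched in its decoded form."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(raw_request):
    """Return ("block", rule, field) or ("allow", None, None) for one raw HTTP request."""
    head, _, body = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = dict(line.split(": ", 1) for line in lines[1:] if ": " in line)
    # parse_qsl performs the first URL-decode of each parameter value.
    fields = [("query:" + k, v) for k, v in parse_qsl(urlsplit(target).query)]
    if headers.get("Content-Type", "").startswith("application/x-www-form-urlencoded"):
        fields += [("body:" + k, v) for k, v in parse_qsl(body)]
    for name, value in fields:
        text = normalise(value)
        for rule, pattern in RULES.items():
            if pattern.search(text):
                return ("block", rule, name)
    return ("allow", None, None)

# Constructed sample requests (not real traffic); shop.example is a placeholder host.
SAMPLES = {
    "benign": "GET /products?id=42&sort=price HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "sqli": "GET /products?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "xss_double_encoded": (
        "POST /comment HTTP/1.1\r\nHost: shop.example\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
        "text=%253Cscript%253Ealert(1)%253C%252Fscript%253E"
    ),
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, inspect_request(request))
```

The double-encoded sample is blocked only because values are decoded again before matching; a filter that matched the raw bytes would let it through to the web server.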

Please complete Quick poll #19 now.

Open the poll in a new window or tab then come back here when you’re done.

Next, you’ll have the opportunity to review your learning in the end-of-week practice quiz.