Stateless WAFs vs. stateful WAFs

A WAF sits between a company’s web applications and the requests coming in from the internet. Deployed as a reverse proxy, it monitors, filters, or blocks traffic as it travels to and from a web application, attempting to screen out potentially harmful requests that could enable web exploits. A WAF may come in the form of a cloud-based solution, an appliance, a server plugin, or a filter.

Early WAFs, which are known as stateless WAFs, used static rules to analyze potential threats arriving via inbound requests to a company’s web application servers. Using pattern recognition, they effectively generated educated guesses on how a web application might react to a specific form of attack using predetermined models of application behavior and attack behavior. For example, stateless WAFs might check how quickly requests were coming in, whether they were originating from the same source, and other behavioral metrics that might indicate malicious activity was underway.

Stateless WAFs could perform such tasks much more rapidly than their human counterparts, but they were not adaptable or nimble enough to successfully ward off evolving attacks. A continual game of cat and mouse ensued in which attackers, upon discovering that their initial form of attack on a web application had been unsuccessful, would simply devise a new form of attack behavior that the WAF had not seen before and could not prevent. Then, when the WAF eventually received new rules that could ward off this new attack variant, the attackers would come up with yet another method for evading detection.

The second generation of WAFs, known as stateful WAFs, offers more agile defenses than its predecessor. Stateful WAFs can enrich collected data with relevant context and analyze a web application’s current threat landscape. Because they take this broader, more contextual view into account, stateful WAFs are better at detecting critical issues such as DDoS attacks and “low and slow” attacks that attempt to undermine security by flying under the radar.
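As an added illustration (not code from the original article or any WAF product), the Python sketch below contrasts the two approaches described above: a stateless signature check that sees only one request at a time, beside a stateful per-source sliding-window tracker that catches both a burst and a “low and slow” client whose individual requests look harmless. The pattern list, thresholds, IP addresses and sample log are all constructed for this example.

```python
import re
from collections import defaultdict, deque

# Stateless check: each request is judged on its own, with no memory of earlier traffic.
STATIC_PATTERNS = [re.compile(p, re.IGNORECASE)
                   for p in (r"union\s+select", r"<script\b", r"\.\./")]

def stateless_blocks(path: str) -> bool:
    """True when the request line by itself matches a static signature."""
    return any(p.search(path) for p in STATIC_PATTERNS)

class StatefulTracker:
    """Per-source sliding-window counters. `windows` maps a window length in
    seconds to the number of requests tolerated inside it: a short window
    catches bursts, a long one catches a 'low and slow' source whose rate
    looks harmless request by request but not over many minutes."""
    def __init__(self, windows: dict):
        self.windows = windows
        self.history = defaultdict(deque)   # source -> ascending timestamps

    def observe(self, source: str, ts: float) -> list:
        """Record one request; return the window lengths whose limit it exceeded."""
        dq = self.history[source]
        dq.append(ts)
        # Forget timestamps that have left the longest window.
        while dq and dq[0] <= ts - max(self.windows):
            dq.popleft()
        return [win for win, limit in self.windows.items()
                if sum(1 for t in dq if t > ts - win) > limit]

def analyze(log, tracker: StatefulTracker):
    """Replay (source, timestamp, path) records through both checks. Returns the
    number of stateless hits and, per (source, window), when the stateful check first fired."""
    stateless_hits, first_flag = 0, {}
    for source, ts, path in sorted(log, key=lambda r: r[1]):
        stateless_hits += stateless_blocks(path)
        for win in tracker.observe(source, ts):
            first_flag.setdefault((source, win), ts)
    return stateless_hits, first_flag

# Constructed sample traffic (documentation IP ranges, not real clients).
SAMPLE_LOG = (
    [("192.0.2.5", 12.0, "/search?q=1 union select 1")]                  # one signature hit
    + [("203.0.113.9", 50 + i / 10, "/api/items") for i in range(30)]   # burst: 30 requests in 3 s
    + [("198.51.100.7", 4.0 * k, "/login") for k in range(251)]         # low and slow: one per 4 s
)

def run_sample():
    """Short window: 20 requests per 10 s; long window: 100 requests per 600 s."""
    return analyze(SAMPLE_LOG, StatefulTracker({10: 20, 600: 100}))

if __name__ == "__main__":
    print(run_sample())
```

The signature check flags only the single injection-looking request, while the window tracker flags the burst source at the 21st request and the slow source only once its 600-second total passes the limit, which no single request reveals.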