Security news aggregator

Latest coverage for Web Application Firewall

Protect your web apps from threats with the latest Web Application Firewall updates, trends, and expert insights on our dedicated infosec tag page.

18 headlines in this view

A Web Application Firewall (WAF) is a security solution specifically designed to monitor, filter, and block potentially harmful traffic to and from web applications. By deploying a set of rules that are commonly known as policies, a WAF effectively protects web applications from a variety of attacks such as SQL injection, cross-site scripting (XSS), file inclusion, and security misconfigurations.

Within the realm of information security, a WAF operates as a protective shield placed between the web application and the internet. It acts as a gatekeeper, analyzing the HTTP requests before they reach the application and respond with the appropriate HTTP responses. This process is critical for preventing unauthorized access and data breaches because it enables the WAF to identify and mitigate malicious requests, ensuring that only safe interactions proceed to the application's server.

Moreover, Web Application Firewalls are continuously evolving to adapt to new threats. They support custom-defined security rules and can be either network-based, host-based, or cloud-based, offering varied options for implementation based on an organization's specific needs and resources. By providing a central point of control for incoming and outgoing application traffic, WAFs are an essential component of modern web application security strategies.

Showing 18 most recent headlines Filtered view

The Register 4 months ago

Why native cloud security falls short

Your cloud security must stand alone Partner Content As cloud adoption accelerates, many organizations are increasingly relying on the native security features offered by cloud service providers (CSPs). The ability to manage web application firewalls (WAF), data encryption, and key management (KMS) within a single provider ecosystem appears efficient and convenient. However, when security and reliability are viewed through the lens of enterprise risk management, this convenience may come at a significant cost.…

More from The Register 2 Feb 2026, 9:00 p.m. Adoption Cloud Encryption Firewalls Service Provider Web Application Firewall

The Register 4 months, 2 weeks ago

Cloudflare whacks WAF bypass bug that opened side door for attackers

ACME validation had a challenge-request hole Cloudflare has fixed a flaw in its web application firewall (WAF) that allowed attackers to bypass security rules and directly access origin servers, which could lead to data theft or full server takeover.…

More from The Register 21 Jan 2026, 12:05 p.m. Bypass Cloudflare Firewalls Fixed Flaw Theft Web Application Firewall

Dark Reading 5 months, 3 weeks ago

React2Shell Exploits Flood the Internet as Attacks Continue

As exploitation activity against CVE-2025-55182 ramps up, researchers are finding some proof-of-concept exploits contain bypasses for web application firewall (WAF) rules.

More from Dark Reading 13 Dec 2025, 9:11 a.m. Actively exploited CVE-2025-55182 CVE Exploit Firewalls PoC Research Web Application Firewall

Bank Info Security 5 months, 4 weeks ago

React Flaw Mitigation Leads to Cloudflare Outage

Outage Briefly Took Down Zoom, LinkedIn and Other WebsitesContent delivery network giant Cloudflare is investigating a brief outage early Friday that took down multiple websites. The incident marks the second outage in the span of a month, although the causes are unrelated. It stemmed from how Cloudflare's web application firewall parses requests.

More from Bank Info Security 6 Dec 2025, 6:30 a.m. Cloudflare Firewalls Flaw Incident Mitigation Outage Social Media Web Application Firewall

The Register 6 months, 2 weeks ago

Fortinet 'fesses up to second 0-day within a week

Attackers may be joining the dots to enable unauthenticated RCE Fortinet has confirmed that another flaw in its FortiWeb web application firewall has been exploited as a zero-day and issued a patch, just days after disclosing a critical bug in the same product that attackers had found and abused a month earlier.…

More from The Register 20 Nov 2025, 12:07 p.m. 0-Day Critical Firewalls Flaw Fortinet Patch Remote Code Execution Unauthenticated Web Application Firewall

Dark Reading 6 months, 2 weeks ago

Fortinet Woes Continue With Another WAF Zero-Day Flaw

A second zero-day vulnerability in its web application firewall (WAF) line has come under attack, raising more questions about the vendor's disclosure practices.

More from Dark Reading 20 Nov 2025, 11:27 a.m. 0-Day Disclosure Firewalls Flaw Fortinet Vendor Vulnerability Web Application Firewall

Bleeping Computer 6 months, 2 weeks ago

CISA gives govt agencies 7 days to patch new Fortinet flaw

CISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet's FortiWeb web application firewall, which was exploited in zero-day attacks. [...]

More from Bleeping Computer 20 Nov 2025, 2:44 a.m. 0-Day America CISA Firewalls Flaw Fortinet Government Patch Vulnerability Web Application Firewall

Bleeping Computer 6 months, 2 weeks ago

Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks

Fortinet has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now being widely exploited. [...]

More from Bleeping Computer 15 Nov 2025, 6:00 a.m. 0-Day Confirmation Critical Firewalls Fortinet Patch Vulnerability Web Application Firewall

Bleeping Computer 9 months, 2 weeks ago

Researcher to release exploit for full auth bypass on FortiWeb

A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication. [...]

More from Bleeping Computer 17 Aug 2025, 2:24 a.m. Authentication Bypass Exploit Firewalls Vulnerability Web Application Firewall

The Hacker News 1 year ago

SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection

From zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater

More from The Hacker News 23 May 2025, 10:30 p.m. 0-Day Application Security Exploit Firewalls Github Open Source Web Application Firewall

Dark Reading 1 year, 6 months ago

Misconfigured WAFs Heighten DoS, Breach Risks

Organizations that rely on their content delivery network provider for Web application firewall services may be inadvertently leaving themselves open to attack.

More from Dark Reading 4 Dec 2024, 11:34 a.m. Breach DoS Firewalls Misconfiguration Web Application Firewall

The Hacker News 2 years, 2 months ago

WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw

WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw

More from The Hacker News 18 Mar 2024, 10:46 p.m. CVE Critical Firewalls Flaw Malware Web Application Firewall Wordpress

The Register 2 years, 2 months ago

Cloudflare wants to put a firewall in front of your LLM

Claims to protect against DDoS, sensitive data leakage Cloudflare has tweaked its web application firewall (WAF) to add protections for applications using large language models.…

More from The Register 5 Mar 2024, 2:32 p.m. Cloudflare DoS Firewalls Web Application Firewall

Dark Reading 3 years, 5 months ago

Popular WAFs Subverted by JSON Bypass

Web application firewalls from AWS, Cloudflare, F5, Imperva, and Palo Alto Networks are vulnerable to a database attack using the popular JavaScript Object Notation (JSON) format.

More from Dark Reading 13 Dec 2022, 4:21 a.m. Amazon Web Services Bypass Cloudflare Database F5 Firewalls JavaScript Palo Alto Networks Vulnerability Web Application Firewall

The Hacker News 3 years, 5 months ago

Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls

A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information

More from The Hacker News 10 Dec 2022, 7:18 p.m. Bypass Firewalls Research Web Application Firewall

Dark Reading 3 years, 11 months ago

A WAF Is Not a Free Lunch: Teaching the Shift-Left Security Mindset

Developers need to think like WAF operators for security. Start with secure coding and think of Web application firewalls not as a prophylactic but as part of the secure coding test process.

More from Dark Reading 29 Jun 2022, 5:00 a.m. Firewalls Free Web Application Firewall

Dark Reading 4 years ago

Transforming SQL Queries Bypasses WAF Security

A team of university researchers finds a machine learning-based approach to generating HTTP requests that slip past Web application firewalls.

More from Dark Reading 13 May 2022, 11:20 a.m. Firewalls Machine Learning Research SQL Web Application Firewall

Dark Reading 4 years, 2 months ago

Half of Orgs Use Web Application Firewalls to Paper Over Flaws

WAFs remain a popular backfill for complex and fraught patch management.

More from Dark Reading 19 Mar 2022, 10:37 a.m. Firewalls Flaw Patch Web Application Firewall