Security news aggregator

Latest coverage for Web Application Firewall

A Web Application Firewall filters malicious HTTP traffic to reduce application exploits, but secure coding and timely patching remain essential.

4 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A Web Application Firewall (WAF) filters HTTP(S) traffic between clients and a web application, applying signatures, behavioral rules, rate limits, and custom policies. It can block or challenge requests resembling SQL injection, cross-site scripting, path traversal, malicious file uploads, or some abusive automation before they reach application code. WAFs may run as cloud services, network appliances, or software, but their security function is the same: reduce the attack surface of publicly reachable application endpoints.

A WAF is a control layer, not a substitute for secure coding, authentication, authorization, or patching. It may miss attacks that use valid requests, business-logic abuse, or novel payloads, and poorly tuned rules can block legitimate users or leave bypasses. Organizations should terminate or otherwise inspect encrypted traffic where appropriate, keep rules aligned with application changes, review alerts and blocked requests, and use WAF rules as temporary compensating protection while vulnerable components are fixed. Its logs can also support investigation and vulnerability prioritization.

Volume over time

Weekly headline count for the current query.

Showing 4 most recent headlines Filtered view
The Register 5 months, 2 weeks ago

Why native cloud security falls short

Your cloud security must stand alone Partner Content As cloud adoption accelerates, many organizations are increasingly relying on the native security features offered by cloud service providers (CSPs). The ability to manage web application firewalls (WAF), data encryption, and key management (KMS) within a single provider ecosystem appears efficient and convenient. However, when security and reliability are viewed through the lens of enterprise risk management, this convenience may come at a significant cost.…

The Register 7 months, 4 weeks ago

Fortinet 'fesses up to second 0-day within a week

Attackers may be joining the dots to enable unauthenticated RCE Fortinet has confirmed that another flaw in its FortiWeb web application firewall has been exploited as a zero-day and issued a patch, just days after disclosing a critical bug in the same product that attackers had found and abused a month earlier.…