According to Fortinet, Web Application Firewalls (WAFs) are designed to inspect and protect HTTP connections and prevent web-based attacks such as cross-site scripting (XSS) and SQL injection. While WAF tools and devices have been around for over a decade, and are a required technology for organizations that process credit card transactions (PCI-DSS), they are just now starting to gain traction in many networks.

Snapt say that every business exposing online applications, services, and APIs needs a Web Application Firewall (WAF) to operate safely and protect against cybersecurity threats. A WAF identifies and blocks attacks that lead to downtime, leaked data, and compromised transactions and accounts.

Some questions you may have:

1. What does your network architecture and application infrastructure look like?
2. Which teams will use the WAF and how?
3. Where will you deploy a WAF?
4. Which detection and blocking techniques suit your traffic and risk profile?
5. Which application attacks present the biggest risks to your business?
6. Would your apps benefit from virtual patching and scanner integration?
7. Do you need PCI-DSS compliance for secure transactions?
8. Do you need to terminate SSL traffic?
9. What kind of visibility and reporting does your SecOps team need to be effective?

Click on any of the above questions to learn more, from our partner Snapt on their blog.