Web Application Firewall (WAF)

5th March 2020 | Cybrary


A Web Application Firewall (WAF) is used to protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site request forgery (CSRF), cross-site scripting (XSS), file inclusion, and SQL injection, among others. This method of defense isn’t designed to stop every form of attack. As with most defenses, it takes more than one defense system to create a strong defense against a range of attack vectors.

When you have a web application firewall in place, it is inserted in front of the web application, where it creates a shield between the web application and the Internet. The purpose of a WAF is to filter out the malicious traffic and let in the safe traffic. 

Source: Cloudflare

Additional Reading: Web Application Security Without Organizational Resistance

Related Terms: Application Proxy, Firewall, Reverse Proxy

Should an SMB Have a WAF?

If you can afford one, then yes, you should implement a Web Application Firewall. Keep in mind that WAFs need to see unencrypted traffic, so you will need another device to decrypt the SSL traffic and then pass the HTTP traffic through your WAF before it is redirected to your web server. WAFs do add a lot of complexity to websites and are not for the faint of heart.

However, employing a Web Application Firewall is best practice to protect your website and your web application from a variety of hacker attacks, according to some security experts. A WAF acts as a proxy and monitors the traffic coming in and out of your website to ensure that hackers cannot access protected content on your website or, worse, break into your website through specially crafted attack packets. In addition, a WAF protects vulnerabilities in your website that your developers may not have noticed.

Hackers are targeting SMBs more and more because they realize that many SMBs lack basic cybersecurity measures. In response, SMB owners need to take control of their websites and increase their overall security.

A side note to SMBs: if you process credit cards in your web application directly without passing them to a third-party provider for processing, then you are obligated to deploy a WAF solution for PCI DSS compliance.
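The filtering decision described in the definition above can be shown in a few lines of Python. This is an added example, not code from the original page or from any WAF product; the rule patterns, the `normalize` and `inspect` helpers, and the sample requests are all constructed for illustration. It works on plaintext HTTP fields, which is why TLS has to be terminated before the WAF, and it decodes input repeatedly so that double-encoded values are still inspected.

```python
import re
from urllib.parse import unquote_plus

# Signatures assumed for this example, one per attack class named in the definition.
RULES = {
    "sql_injection": re.compile(r"('|\b)\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select", re.I),
    "xss": re.compile(r"<\s*script\b|\bon(?:error|load|click)\s*=|javascript:", re.I),
    "file_inclusion": re.compile(r"(?:\.\.[/\\])|(?:php|file)://", re.I),
}

def normalize(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input is matched in plain form."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect(request):
    """Return ("block", [rule names]) or ("allow", []) for one plaintext HTTP request."""
    fields = [normalize(request.get(k, "")) for k in ("path", "query", "body")]
    hits = [name for name, rx in RULES.items() if any(rx.search(f) for f in fields)]
    return ("block", hits) if hits else ("allow", [])

# Constructed sample requests, as the WAF sees them after TLS has been terminated.
SAMPLE_REQUESTS = [
    {"method": "GET", "path": "/products", "query": "id=42&sort=price", "body": ""},
    {"method": "GET", "path": "/products", "query": "id=42%27%20OR%201%3D1--", "body": ""},
    {"method": "POST", "path": "/comment", "query": "",
     "body": "text=%3Cscript%3Ealert(1)%3C%2Fscript%3E"},
    {"method": "GET", "path": "/view", "query": "page=%252e%252e%252fetc%252fpasswd", "body": ""},
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        action, hits = inspect(req)
        print(f"{action:5} {req['method']} {req['path']}?{req['query']} {hits}")
```

The last sample is double URL-encoded; without the repeated decoding in `normalize` it would pass the file inclusion rule unnoticed.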
