Security platforms
WAF
Web Application Firewall
A Web Application Firewall (WAF) sits in front of web applications and inspects HTTP requests and responses, blocking traffic that matches known attack patterns such as SQL injection or cross-site scripting. A WAF is a mitigating control that buys time and reduces noise, but it can be bypassed and does not remediate the underlying vulnerability.
Key points
- Edge control that filters malicious HTTP traffic by rules or signatures.
- Mitigates, does not fix - the vulnerability remains behind it.
- Can be evaded, so it complements rather than replaces testing.
Related
Impactr is an autonomous AI penetration testing platform - it investigates, chains, and proves web and API vulnerabilities with reproducible evidence.
Join the waitlist