IDORSSRFAUTH BYPASSJWT FORGERYRACE CONDITIONXXEBROKEN OBJECT-LEVEL AUTHPRIVILEGE ESCALATIONMASS ASSIGNMENTGRAPHQL INTROSPECTION ABUSEIDORSSRFAUTH BYPASSJWT FORGERYRACE CONDITIONXXEBROKEN OBJECT-LEVEL AUTHPRIVILEGE ESCALATIONMASS ASSIGNMENTGRAPHQL INTROSPECTION ABUSE
Impactr Logoimpactr
FeaturesHow it worksEvidencePricingLearnCompare
  1. Home
  2. Glossary
  3. WAF

Security platforms

WAF

Web Application Firewall

A Web Application Firewall (WAF) sits in front of web applications and inspects HTTP requests and responses, blocking traffic that matches known attack patterns such as SQL injection or cross-site scripting. A WAF is a mitigating control that buys time and reduces noise, but it can be bypassed and does not remediate the underlying vulnerability.

Key points

  • Edge control that filters malicious HTTP traffic by rules or signatures.
  • Mitigates, does not fix - the vulnerability remains behind it.
  • Can be evaded, so it complements rather than replaces testing.

Related

RASPDASTIASTSQL Injection (SQLi)Cross-Site Scripting (XSS)

Impactr is an autonomous AI penetration testing platform - it investigates, chains, and proves web and API vulnerabilities with reproducible evidence.

Join the waitlist
← All terms
Impactr Logoimpactr

Built by hackers, for the code you ship. Autonomous AI penetration testing for modern web apps and APIs.

© 2026 Impactr

Product

FeaturesCoverageUse casesEvidencePricingWaitlist

Resources

VulnerabilitiesGuidesComparisonsGlossaryCWE databaseBy industryBy languageHTTP status codesSecurity headers

Company

ContactTwitterLinkedInGitHub