written by: Pierluigi Stella
Web Application Firewall, or, simply put, WAF.
True, the name does not explain very well what it is and what it’s supposed to do, although you’d probably guess it has something to do with protecting a web application. And you’d be right.
In the recent years, Internet threats have shifted. Slowly in the beginning but increasingly rapidly in the last two years, from email to web based threats. In the past, hackers would use emails to distribute new threats, embedded into an email. Personally, I have not seen this for at least two years now, and the likely reason is because we all have anti viruses in place to protect us from email embedded threats.
There is actually also another reason – distributing threats this way is very inefficient. It might have been useful ten years ago, but today, at the rate new threats are being created (40,000 new variations per day in some cases), this is no longer sufficient. It is far more efficient to compromise one website and then infect all the thousands of computers that will connect to said website via their web browsers. (Read more)