Web application firewalls (WAF) are designed to protect web apps by filtering and monitoring incoming traffic. These tools analyze HTTP traffic as it comes in, blocking potentially malicious traffic and identifying traffic anomalies. Companies use these tools in conjunction with additional application security software to better protect operational web applications. These tools differ from traditional firewalls, which control traffic between servers, by filtering traffic and content attempting to access a specific web-based application.
To qualify for inclusion in the Web Application Firewalls (WAF) category, a product must:
Web Application Firewall (WAF) reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.
Imperva Incapsula delivers an enterprise-grade Web Application Firewall to safeguard your site from the latest threats, an intelligent and instantly effective 360-degree anti-DDoS solutions (layers 3-4 and 7), a global CDN to speed up your website's load speed and minimize bandwidth usage and an array of performance monitoring and analytic services to provide insights about your website's security and performance.
NGINX, Inc. is the company behind NGINX, the popular open source project trusted by more than 400 million sites. We offer a suite of technologies for developing and delivering modern applications. The NGINX Application Platform enables enterprises undergoing digital transformation to modernize legacy, monolithic applications as well as deliver new, microservices‑based applications. Companies like Netflix, Starbucks, and McDonalds rely on NGINX to reduce costs, improve resiliency, and speed innov
Cloudbric is a cloud-based web security provider, offering an award-winning Web Application Firewall (WAF), DDoS protection, and SSL. Cloudbric offers security primarily to startup and SMB websites that lack cybersecurity experience or can't afford expensive IT security solutions. Cloudbric’s services are free for all websites with less than 4GB of bandwidth per month. We charge based on amount of web traffic, making Cloudbric perfect for SMEs and new startups. Our services are military-grade
Sucuri is a managed security service provider for websites. Our cloud-based tools provide complete website security solution, including performance optimization via a CDN, mitigation of external attacks like vulnerability exploits and DDoS attacks, and professional response in the event of security incident. The team provides 24/7/365 customer service with a 97% satisfaction rate, and a median response time of 4 hours.
Alert Logic's SIEMless Threat Management offering seamlessly connects an award-winning security platform, threat intelligence & expert defenders to provide the right level of security & compliance coverage for the right resources across your environments. Choose your level of coverage for asset discovery, vulnerability scanning, cloud configuration checks, threat monitoring, intrusion detection, log collection & monitoring, WAF defense & more - with 24/7 support & SOC service
Eliminate application vulnerabilities and stop data breaches. You depend on applications everyday. They are how your customers and partners connect with you, and they are how your employees get their jobs done. Unfortunately, your applications remain one of the most commonly exploited threat vectors. Barracuda WAF protects your web, mobile and API applications from being compromised, and prevents data breaches— ensuring you maintain your reputation and your customer's confidence.
We protect against the full spectrum of threats your web applications and APIs actually face.
Built on a proven security platform. Enterprise-proven technology that provides comprehensive protection from all OWASP recognized security risks, DDoS attacks, and even the most advanced zero-day threats. Proactive bot defense ensures always-on protection from automated attacks, web scraping, and brute force attacks. Simplified application security for everyone. Remove the complexity of setting up and configuring your application security solution. Barracuda WAF-as-a-Service delivers protectio
Web Application Firewall is a web based app that protect website from the malicious attacks, including OWASP Top 10 protection around code injection, HTML injection, directory traversal, command injection, JSON validation, SQL injection and cross-site scripting. In addition, signature-based engines can be used for blocking known attack patterns.
Atomic ModSecurity Rules is a comprehensive WAF rule set with hundreds of ModSecurity WAF rules to protect applications against web attacks and is fully backed by expert support. More info: https://www.atomicorp.com/atomic-modsecurity-rules/ WAF Rules to Strengthen ModSecurity Against: - SQL injection - Cross-site scripting - Cross-site request forgery - Encoding abuse - Protocol abuse - Unicode and UTF-8 attacks - HTTP smuggling - Path recursion - Web spam - Shells - And much more
Bekchy is a cloud-based web application firewall. Bekchy provides protection against SQL Injection, XSS, CSRF, RCE, RFI/LFI and other vulnerabilities specified by OWASP Top 10. It is compatible with Nginx, Apache, Litespeed, IIS, Apache Tomcat, Lighttpd, Haproxy and all web application servers as well as all software languages like PHP, .net, Java, Ruby and Python. Bekchy works in front of all web application servers from SMB to enterprises and government agencies.
Help protect your critical data from hacking, phishing, site scraping, cross-site scripting and parameter tampering, with CenturyLink Web Application Firewall services. CenturyLink® Web Application Firewall (WAF) delivers substantial web application protection from attacks and helps prevent costly data breaches and downtime. WAF delivers dynamic ongoing website protection, allowing application transactions only from authorized users and protecting critical data from a variety of attacks, such
Fastlymassive globally distributed network provides rapid protection against web application vulnerabilities, DDoS, and botnet attacks. Enforce security rules at the edge with real-time insights into suspicious traffic and the ability to update your configuration in milliseconds.
WAF enables effective protection against XSS (Cross-Site Scripting) attacks, SQL injections, and zero-day exploits. Also, it enables blocking the activity of suspicious bots stealing the contents. The protection rules are user-definable and the protection is active round the clock. The WAF functionality is addressed to all website owners.
Indusface web application scanning helps detect web application vulnerabilities, malware, and logical flaws with daily or on-demand comprehensive scanning. Managed by certified security experts, Indusface web application scanning helps organizations find a greater business impact of logical flaws with detailed demonstrations through proof-of-concept.
KEMP’s Application Firewall Pack (AFP)* combines Layer 7 Web Application Firewall protection with other application delivery services including intelligent load balancing, intrusion detection, intrusion prevention as well as edge security and authentication. KEMP WAF provides continuous protection against vulnerabilities with daily rule updates based on threat intelligence and research from information security provider, Trustwave.
OpenFusion Security offers enterprises two very effective application security gateway products for firewalling Web Services and CORBA/EJB based applications. Both DBC products provide extensive Authentication, Authorization and Audit (AAA) functionality.
Defends against the latest attacks, data breaches and helps eliminate downtime. The WAF serves as an essential part of any defense-in-depth security architecture by providing advanced inspection and specialized security for the web application layer. The WAF can operate as a standalone unit or in conjunction with the ADS Series for defense-in-depth security.
feature-rich web application security platform is 100% cloud-based. It's artificial intelligence based machine learning algorithms effectively protect web applications from cyber attacks. Configured as a reverse-proxy, the Web Application Protection platform inspects all traffic destined to your web application origin and identifies and blocks any malicious traffic.
At its core, Reblaze runs a robust Web Application Firewall engine. It detects and blocks SQL injection, XSS, OSCi, cookie and session poisoning, malicious payloads, and other attacks. The Reblaze WAF/IPS uses a multivariate approach, including a variety of techniques to accurately identify and block malicious traffic. This includes Application Whitelisting, Behavioral Analysis, Blacklisting, Fine-grained ACL, and Machine Learning.
Venusense Web Application Firewall (WAF) is a new generation of Web security protection and application delivery product developed by Venustech. It mainly provides HTTP/HTTPS traffic analysis for Web servers, prevents attacks aimed at Web application vulnerabilities, optimizes Web application accesses to improve the availability, performance, and security of Web/network protocol based applications and ensure the quick, secure, and reliable delivery of Web service applications.
Verizon WAF is a Cloud-based Web Application Firewall and is a key component of Verizon’s DEFEND suite of web security solutions. Verizon WAF is based on the world’s most deployed web application firewall engine, ModSecurity, and is designed to provide a high degree of protection against cybercrime, hacktivism, and cyber espionage.
Wallarm is an AI-powered application security solution for the teams launching new modular software services or upgrading their existing web applications to a new stack. Wallarm includes an adaptive Next Gen WAF, attack sandboxing, vulnerability scanner and development time testing modules.