WAF & Security Glossary

B

Bot Management

Technologies and strategies for detecting, categorizing, and managing automated traffic (bots) to web applications.

WAF Features

C

Content Security Policy (CSP)

A security HTTP header that helps prevent cross-site scripting (XSS), clickjacking, and other code injection attacks by controlling which resources can be loaded.

HTTP Security Headers

Cross-Site Request Forgery (CSRF)

An attack that tricks authenticated users into submitting unwanted requests to a web application in which they're currently authenticated.

Attack Types

Cross-Site Scripting (XSS)

A vulnerability that allows attackers to inject malicious client-side scripts into web pages viewed by other users.

Attack Types

D

DDoS Protection (DDoS)

Security measures and services that defend against attacks designed to overwhelm systems with traffic and make them unavailable to legitimate users.

WAF Features

M

ModSecurity

The original open-source web application firewall engine, providing a rule-based framework for web application protection.

WAF Products

O

OWASP Top 10

A regularly updated list of the ten most critical web application security risks, published by the Open Web Application Security Project.

Standards & Frameworks

R

Rate Limiting

A technique to control the rate of requests a user can make to an application, protecting against abuse and brute force attacks.

WAF Features

S

SQL Injection (SQLi)

An attack technique that exploits vulnerabilities in an application's database layer by inserting malicious SQL code into queries.

Attack Types

V

Virtual Patching

A WAF technique that provides immediate protection against known vulnerabilities without modifying the application code.

WAF Features

W

Web Application Firewall (WAF)

A security solution that monitors, filters, and blocks HTTP/HTTPS traffic to and from a web application to protect against attacks.

WAF Features