F5 Advanced WAF


FAQ
F5 Advanced WAF
September 2018

Contents

- Packaging
- Deployment Scenarios
- Use Cases
- Positioning
- Migration
- Pricing
- Resources

Product Overview

What is F5 announcing?
F5 is releasing a new product called Advanced WAF. Availability is targeted for Q2 FY18. The new offering will be highlighted in the App Protection marketing campaign starting in April 2018.

Why is F5 releasing Advanced WAF?
F5 is re-defining web application security to address the most prevalent threats customers are facing today:
- Automated attacks and bots that overwhelm existing security solutions
- Web attacks that steal credentials and gain unauthorized access across user accounts
- Application layer attacks that evade signature and reputation-based security solutions
- New attack surfaces and threats due to the rapid adoption of APIs
Advanced WAF provides a dedicated solution for application security that targets the security buyer with differentiated capabilities.

What is a WAF?
A WAF is an application-layer security solution that sits in front of an application to protect against attacks or vulnerabilities without having to change the application itself.
Web Application Firewalls (WAFs) protect applications from common attacks such as cross-site scripting (XSS) and SQL injection. A WAF differs from a regular firewall in that a WAF can filter the content of specific web applications, while network firewalls provide port filtering and segmentation. WAF solutions are capable of preventing attacks that network firewalls and intrusion detection systems can't, and they do not require modification of application source code.

What is an Advanced WAF?
The term "Advanced WAF" describes protection that goes beyond the traditional WAF functions by adding security capabilities needed to defend against current threats.
F5 Advanced WAF introduces new capabilities that are unique in the WAF market:
- Bot detection beyond signatures and reputation to block evolving automated attacks
- Application layer encryption to protect against credential theft
- L7 DDoS detection using machine learning and behavioral analytics for high accuracy

US Headquarters: 401 Elliott Ave W, Seattle, WA 98119 | 888-882-4447 | partners@f5.com
© 2018 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com. Any other products, services, or company names referenced herein may be trademarks of the respective owners with no endorsement or affiliation, expressed or implied, claimed by F5. TMPL-CORE-215662710 03.18

An advanced WAF has the following capabilities:
- Protection from Web Exploits and application vulnerabilities (CVEs)
- Bot protection
- Protection from credential attacks
- The ability to use real-time threat intelligence and reputation
- L7 DDoS mitigation based on machine learning and behavioral analytics
- API Security

Things to consider when evaluating an advanced WAF:
- Bot Protection: Detection goes beyond signatures and reputation to accurately detect malicious and benign bots using client behavioral analysis, server performance monitoring, and escalating JavaScript/CAPTCHA challenges.
- Credential Attacks: Protects against attacks that can steal credentials from the user's browser (e.g. keyloggers), from data in transit (e.g. MiTM), and/or from the server (e.g. vulnerabilities/data leakage).
- Performance: Scalable full proxy deployment with integrated TLS/SSL decryption and hardware acceleration.
- Flexible Deployment: Available as a hardware appliance/chassis for the Data Center, and software for private/public Cloud.

What F5 products support Advanced WAF?
Initially, Advanced WAF will be supported on the following BIG-IP platforms:
- iSeries i2x00, i4x00, i5x00, i7x00, i10x00, i11x00, i15x00
- BIG-IP 2000s/2200s, 4000s/4200v, 5050s/5250v, 705Xs/72XXv, 10XXXv/10X5Xs, 12250v
- VIPRION 2400 series
- VIPRION 4400 series
- BIG-IP Virtual Edition in Private Cloud: 25 Mbps, 200 Mbps, 1 Gbps
- High Performance VE (8 cores, 12 cores, 16 cores)
- BIG-IP Virtual Edition in Public Cloud marketplaces (Amazon, Azure)
Note: Support for the Google Cloud Platform is coming soon.

Does Advanced WAF support FIPS?
Advanced WAF can be added to FIPS certified BIG-IP platforms running Local Traffic Manager (LTM). Standalone Advanced WAF on FIPS certified platforms is on the roadmap.

Is Advanced WAF certified by ICSA Labs?
Advanced WAF can be added to ICSA-certified BIG-IP platforms running Local Traffic Manager (LTM).

Packaging

What version of BIG-IP supports Advanced WAF?
Advanced WAF is supported beginning in BIG-IP version 13.1.0.2.

What is included in F5 Advanced WAF?
F5 Advanced WAF includes all features found in ASM and adds additional capabilities:

What is Base ADC?
Base ADC refers to Application Delivery capabilities found in BIG-IP LTM such as SSL offload and load balancing.

What is L7 DDoS?
L7 DDoS refers to comprehensive application layer DDoS mitigation capabilities found in Advanced WAF.

What is WAF?
WAF refers to core ASM capabilities such as OWASP Top 10 protection.

What is API Security?
API Security refers to a future add-on to Advanced WAF.

What is Anti-Bot (A.Bot)?
Anti-Bot (A.Bot) refers to bot protection.

What is Anti-Bot Mobile SDK (A.Bot M)?
Anti-Bot Mobile SDK (A.Bot M) refers to bot protection specific to mobile apps. The Anti-Bot Mobile SDK is available as an add-on to Advanced WAF and ASM.
Mobile apps do not support JavaScript. JavaScript is a primary technique used to detect automated attacks and bots. Mobile apps that do not support JavaScript cannot be protected by many traditional bot mitigation techniques. Customers can eliminate the risk of automated attacks by establishing a Whitelist using the Mobile SDK. Anti-Bot Mobile SDK uses a Whitelist to establish trust based on an embedded software package within the customer's application code, and corresponding cookie verification by Advanced WAF.

How is the Anti-Bot Mobile SDK Deployed?
Traditionally, Software Development Kits (SDKs) require a developer to combine the mobile SDK and the customer's own mobile application code. F5, through a partnership with Appdome, removes SDK limitations that require manual integration of SDKs into apps, enabling rapid integration and fewer deployment cycles. The components of the Anti-Bot Mobile SDK include the SDK, Advanced WAF, and Appdome.

What is DataSafe?
DataSafe refers to Application Layer Encryption, which allows Advanced WAF to protect credentials and sensitive fields from compromise at the client/browser level.

What is Behavioral DoS Unlimited?
Behavioral DoS Unlimited refers to behavioral DoS (BDoS) support across all virtual servers.

What is Upstream Signaling?
Upstream Signaling refers to the capability for an on-premises Advanced WAF solution to redirect traffic to F5 Silverline during an attack. This capability is available today through an iApp.

What is Credential Stuffing DB?
Credential Stuffing Database: a future subscription service for Advanced WAF that leverages a threat feed of known stolen credentials. The initial launch of Advanced WAF supports Early Access (EA) of the Credential Stuffing DB.

What is Threat Campaign?
Threat Campaign refers to a future subscription service for Advanced WAF that includes unique signatures and metadata to mitigate current malicious campaigns with high accuracy.

What is C. Device ID?
Centralized Device ID: a future subscription service for Advanced WAF that leverages a central repository of Device IDs.

When will Advanced WAF be available in Public Clouds?
Advanced WAF is available today in the Amazon and Azure marketplaces. Support for the Google Cloud Platform is coming soon.

When will Advanced WAF be available in F5 Silverline?
Planning is underway to support Advanced WAF in F5 Silverline.

Can Advanced WAF be part of an Enterprise Licensing Agreement (ELA)?
Yes. Advanced WAF is offered through the ELA program.

Is Application Layer Encryption (DataSafe) available for ASM?
Yes, DataSafe is available as an add-on option for ASM.

Is Anti-Bot Mobile SDK (ABM) available for ASM?
Yes, Anti-Bot Mobile SDK is available as an add-on for both Advanced WAF and ASM.

Why would a customer purchase Advanced WAF instead of ASM?
Advanced WAF has unlimited Behavioral DoS support, and is the platform for future security enhancements such as Credential Stuffing DB, Threat Campaign, C. Device ID subscriptions, and automated signaling to F5 Silverline.

Deployment Scenarios

How is F5 Advanced WAF deployed?
F5 Advanced WAF leverages the same inline full proxy architecture as existing BIG-IP solutions. Other deployment scenarios such as L2 Transparent (non-proxy) are supported.

Why is F5 Advanced WAF deployed inline?
F5 believes an inline, full proxy architecture is the superior deployment model for detecting bad actors, decrypting modern SSL/TLS, monitoring server behavior, and preventing data leakage. The superior architecture, performance, and capabilities of F5 Advanced WAF set it apart in the WAF market.

Can Advanced WAF run in the Cloud?
Yes. Advanced WAF is supported on Virtual Edition for Private Clouds (e.g. VMware), as well as in Public Cloud marketplaces (Amazon, Azure). Support for the Google Cloud Platform is coming soon.

Use Cases

What are the target use cases for F5 Advanced WAF?
1) Advanced bot protection
2) Account Takeover
3) App-layer Denial of Service (L7 DDoS)

Why would a customer want advanced bot protection?
Bots continue to evolve as attackers find methods to evade detection. Automation continues to grow in sophistication. As evasion techniques mature, bots can emulate legitimate users and evade signature and reputation-based detection. 50% of all Internet traffic is attributed to bots, half of which can be malicious, such as vulnerability scanners, web scrapers, DDoS tools, and tools from SPAM and user forums.

How does F5 protect against advanced bots?
Behavior analytics in F5 Advanced WAF can detect threats that signature-based approaches miss or incorrectly block (false positives). F5 Advanced WAF also enables bot protection in cases where JavaScript cannot be used, for example, with mobile apps.
Behavior analytics augments existing protection against bots: client transaction and server latency monitoring, resource-intensive URL monitoring, proactive bot defense, and CAPTCHA challenges.

Why would a customer want to protect against Account Takeover?
Account Takeover is a lucrative business for criminals, given many users share credentials across accounts. Account Takeover is a type of attack where criminals pose as a legitimate user and gain access to a customer account to make unauthorized transactions. These accounts contain valuable information such as financial data. This activity is less likely to cause suspicion from security solutions, as the transaction appears legitimate.
Account Takeover typically involves two steps:
1) Theft of sensitive data (credential harvesting, data leakage)
2) Use of stolen credentials to gain unauthorized access (credential stuffing/brute force)

How does F5 protect against theft of sensitive data?
F5 Advanced WAF uses app-layer encryption (DataSafe) to protect sensitive data and credentials. While customers may use TLS/SSL to encrypt data in motion, encryption stops at the browser, and leaves sensitive data susceptible to theft via malware or man-in-the-middle (MiTM) attacks. The extra layer of security provided by DataSafe can mitigate generic keyloggers and credential capture tools at the browser level.
Using F5 Advanced WAF, customers encrypt data at the field level without installing a client for the user or an agent on the Web server. This ensures that, if malware such as a keylogger captures credentials or sensitive data, it cannot be used.

How does F5 protect against unauthorized access from use of stolen credentials?
Advanced WAF prevents credentials from being compromised and protects against brute force hacking with previously compromised credentials.
Hackers have used brute force to compromise user accounts. Traditionally, brute force mechanisms protect one account from multiple login attempts with account lockout. However, account takeover has evolved to more sophisticated methods, including distributed attacks, and re-use of known credentials through automated tools (i.e. credential stuffing).
Over 4 billion user records were compromised in 2016 alone. These databases of stolen credentials are ticking time bombs waiting for credential stuffing attacks, where hackers use automated tools to gain unauthorized access.
F5 Advanced WAF offers the most advanced and comprehensive brute force protection available, including distributed brute force protection, CAPTCHA challenges, honeypots, and custom responses.
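The distinction this answer draws, between classic per-account lockout and the distributed credential stuffing that lockout never sees, is easiest to understand as detection logic over login records. The following is an added example written for this FAQ; it is not F5 code and does not describe how Advanced WAF is implemented. It assumes a hypothetical login log format "<ISO-8601 time> <source IP> <username> <OK|FAIL>", the sample lines are constructed with documentation address ranges, and every threshold constant is an assumption to be tuned against real baseline traffic.

```python
"""Detecting single-account brute force and distributed credential stuffing.
Added example for this FAQ, not F5 code. Assumes a hypothetical log format:
"<ISO-8601 time> <source IP> <username> <OK|FAIL>".
"""
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample log (documentation IP ranges, invented usernames).
# Lines 1-7: one failure per account from seven addresses (stuffing pattern).
# Lines 12-17: six failures on one account from one address (brute force).
SAMPLE_LOG = """\
2018-09-01T10:00:01Z 203.0.113.10 alice FAIL
2018-09-01T10:00:02Z 203.0.113.11 bob FAIL
2018-09-01T10:00:02Z 203.0.113.12 carol FAIL
2018-09-01T10:00:03Z 203.0.113.13 dave FAIL
2018-09-01T10:00:03Z 203.0.113.14 erin FAIL
2018-09-01T10:00:04Z 203.0.113.15 frank FAIL
2018-09-01T10:00:04Z 203.0.113.16 grace FAIL
2018-09-01T10:00:05Z 203.0.113.17 heidi OK
2018-09-01T10:00:06Z 198.51.100.7 alice OK
2018-09-01T10:00:07Z 198.51.100.8 bob FAIL
2018-09-01T10:00:08Z 198.51.100.8 bob OK
2018-09-01T10:00:09Z 192.0.2.5 victim FAIL
2018-09-01T10:00:10Z 192.0.2.5 victim FAIL
2018-09-01T10:00:11Z 192.0.2.5 victim FAIL
2018-09-01T10:00:12Z 192.0.2.5 victim FAIL
2018-09-01T10:00:13Z 192.0.2.5 victim FAIL
2018-09-01T10:00:14Z 192.0.2.5 victim FAIL
"""

# All thresholds are assumptions for the example, not product defaults.
WINDOW = timedelta(seconds=60)  # tumbling evaluation window
ACCOUNT_FAIL_LIMIT = 5          # classic per-account lockout threshold
SOURCE_FAIL_LIMIT = 5           # per-source-address threshold
SITE_MIN_ATTEMPTS = 10          # ignore the failure ratio on tiny windows
SITE_FAIL_RATIO = 0.5           # failure share that is abnormal site-wide
LOW_PER_ACCOUNT = 2             # "low and slow": at most this many per account
SPREAD_MIN_ACCOUNTS = 5         # distinct accounts hit at that low rate
SPREAD_MIN_SOURCES = 5          # distinct sources behind those attempts


def parse_login_log(text):
    """Parse the hypothetical format into sorted (time, ip, user, ok) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, ip, user, result = line.split()
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
            events.append((when, ip, user, result == "OK"))
    return sorted(events)


def analyze_window(events):
    """Apply the per-account, per-source and distributed checks to one window."""
    attempts = len(events)
    failures = [(ip, user) for _, ip, user, ok in events if not ok]
    per_account = Counter(user for _, user in failures)
    per_source = Counter(ip for ip, _ in failures)
    # 1. Classic brute force: many failures against one account -> lockout.
    lockout = sorted(u for u, n in per_account.items() if n >= ACCOUNT_FAIL_LIMIT)
    # 2. One noisy source address -> rate limit.
    block = sorted(ip for ip, n in per_source.items() if n >= SOURCE_FAIL_LIMIT)
    # 3. Distributed stuffing: every account and source stays under the limits
    #    above, but the site-wide failure share is high and the failures are
    #    spread over many accounts and many sources.
    low_rate = [(ip, u) for ip, u in failures if per_account[u] <= LOW_PER_ACCOUNT]
    fail_ratio = len(failures) / attempts if attempts else 0.0
    distributed = (
        attempts >= SITE_MIN_ATTEMPTS
        and fail_ratio >= SITE_FAIL_RATIO
        and len({u for _, u in low_rate}) >= SPREAD_MIN_ACCOUNTS
        and len({ip for ip, _ in low_rate}) >= SPREAD_MIN_SOURCES
    )
    return {
        "window_start": events[0][0],
        "attempts": attempts,
        "failures": len(failures),
        "fail_ratio": round(fail_ratio, 3),
        "account_lockout": lockout,
        "source_block": block,
        "distributed_stuffing": distributed,
    }


def detect_credential_attacks(log_text, window=WINDOW):
    """Cut the log into tumbling windows and analyze each one."""
    findings, bucket, bucket_end = [], [], None
    for ev in parse_login_log(log_text):
        if bucket_end is None or ev[0] >= bucket_end:
            if bucket:
                findings.append(analyze_window(bucket))
            bucket, bucket_end = [], ev[0] + window
        bucket.append(ev)
    if bucket:
        findings.append(analyze_window(bucket))
    return findings


def recommend_actions(finding):
    """Map a finding onto the escalating responses the FAQ lists."""
    actions = [f"lock account {u} and require step-up" for u in finding["account_lockout"]]
    actions += [f"rate-limit source {ip}" for ip in finding["source_block"]]
    if finding["distributed_stuffing"]:
        # No single account or source tripped a limit, so the response has to
        # be endpoint-wide: a CAPTCHA or JavaScript challenge on the login URL.
        actions.append("serve CAPTCHA challenge on the login endpoint")
    return actions


if __name__ == "__main__":
    for finding in detect_credential_attacks(SAMPLE_LOG):
        print(finding, recommend_actions(finding))
```

On the constructed sample, the per-account rule catches only "victim" and the per-source rule only 192.0.2.5; the seven single-failure logins from seven addresses are invisible to both, and only the site-wide ratio and spread check raises the distributed finding. That is why a response to stuffing has to act on the login endpoint as a whole (challenge, honeypot or custom response) rather than on one account or address.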

Why would a customer want to protect against app-layer DDoS?
Availability and uptime are a key principle of security. While many denial of service vendors focus on large-scale volumetric attacks, application-layer attacks are happening without detection.
These application-layer attacks are low-and-slow and target resources other than bandwidth; for example, CPU and memory, which can impact applications, APIs, firewalls, and other infrastructure. These attacks avoid network-level detection, challenge traditional detection methods, and can be just as crippling as large-scale volumetric attacks.
Advanced WAF uses a variety of techniques and escalating challenges to mitigate app-layer DDoS, including behavioral analysis, client fingerprinting, and server monitoring.

How does F5 protect against app-layer DDoS?
F5 Advanced WAF improves operational efficiency with low-latency, low-touch mitigation, providing comprehensive security without burdening staff or impacting user experience.
F5 Advanced WAF can improve detection accuracy by using real-time, observed application baselines rather than static techniques such as signatures. F5 Advanced WAF baselines normal traffic, then builds and enforces real-time DDoS signatures for new app-layer (L7) attacks. Stress detection reduces false positives and ensures mitigation action only occurs when an attack is impactful.
Advanced WAF can differentiate between benign and malicious bots, web scrapers, and brute force hacking attempts.

Does Advanced WAF help mitigate the OWASP Top 10?
Yes. Advanced WAF protects against the OWASP Top 10, and goes beyond OWASP Top 10 protection to defend against automated attacks, bots, account takeover, and app-layer (L7) DDoS.

Positioning

Who is the target customer for F5 Advanced WAF?
Prospects looking for best-in-class Web security controls and existing LTM, ASM, and GBB customers looking to expand Web security capabilities are targets for Advanced WAF.
F5 Advanced WAF targets the security buyer, who focuses on serious risks to the business. The security buyer needs more than generic protection for safeguards, and is looking for best-in-class security controls for specific risks and threats. Security buyers include CISOs, Security Architects, and Security Engineers. CISSP is a common certificate held by security buyers.
In addition, Line of Business (LOB) owners responsible for application rollouts, such as Enterprise Architects and DevOps Engineers, may be interested in Advanced WAF for comprehensive protection of critical applications.
Best (GBB) targets the NetOps buyer whose goal is to improve operational efficiency with consolidation. ASM remains in Best and remains a competitive differentiator against core ADC competitors. Advanced WAF is tailored for the security buyer and introduces protection beyond the current WAF market. F5 Advanced WAF is the product for future Web security add-ons and use cases.

What are 3 reasons to upgrade to Advanced WAF?
1. Bot protection needs to go beyond reputation threat feeds
2. Extend security to the data itself to protect against credential theft and data leakage
3. Accurate L7 DDoS detection requires machine learning for behavior analytics

How does F5 Advanced WAF compare to Imperva SecureSphere?
F5 Advanced WAF has been packaged to position F5 to win with our strongest capabilities against Imperva.
- App-layer Encryption: Imperva does not offer app-layer encryption, which is the best way to protect sensitive data and credentials from theft through malware tampering and MiTM attacks.
- Bot protection: SecureSphere is heavily reliant on signatures and reputation for bot protection. F5 supports signatures, reputation, client behavioral analysis, server performance monitoring, escalating JavaScript/CAPTCHA challenges, and supports scenarios where JavaScript injection is not possible (e.g. mobile apps).
- L7 DDoS: Imperva is limited to threshold-based detection, which is susceptible to false positives. Imperva lacks server performance monitoring and automatic signature creation.
- SSL decryption: Management of SSL on SecureSphere is through modification of text files on the command line. Imperva recently added support for modern cryptography (ECDHE/PFS), though this support will result in considerable performance degradation.

When do I position Advanced WAF versus DDoS Hybrid Defender?
App-layer (L7) DoS mitigation is a critical component of Web security. A two-tiered, defense-in-depth strategy is best for defending against blended DoS. Customers should use F5 Advanced WAF for protecting application resources from app-layer (L7) DDoS and F5 DHD for L3-7 DDoS protection at the network edge.

What do I sell between now and the release of Advanced WAF?
ASM or Best, depending on the customer use case. In addition, DataSafe and Fraud Protection Services (FPS) can add additional application security protection such as application layer encryption.
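Two passages above rest on the same idea: the answer to "How does F5 protect against app-layer DDoS?" (baseline normal traffic, build real-time signatures, and let stress detection gate mitigation) and the L7 DDoS comparison point that a pure request-rate threshold produces false positives. The following added example, written for this FAQ and not F5's own code, shows the mechanics in a small form: it learns a per-URL rate and latency baseline from constructed traffic, then evaluates two later windows, a flash crowd where the rate is anomalous but the server keeps up (no mitigation) and a tool-driven flood where the server's latency also spikes (mitigation plus a derived signature). The record layout, the synthetic traffic and all threshold constants are assumptions.

```python
"""Behavioral L7 DoS detection: per-URL traffic baseline, rate anomaly,
server-stress gating, and a dynamic signature for the attacking traffic.
Added example for this FAQ, not F5 code; the traffic records are constructed.
"""
from collections import Counter, defaultdict
from statistics import mean, pstdev

# All constants are assumptions for the example, not product settings.
LEARN_SECONDS = 60         # baseline learning period
WINDOW_SECONDS = 10        # detection window
RATE_SIGMA = 3.0           # rate must exceed mean + RATE_SIGMA * std ...
RATE_MIN_FACTOR = 3.0      # ... and RATE_MIN_FACTOR * mean (std may be ~0)
STRESS_FACTOR = 3.0        # latency this far above baseline = server under stress
SIG_ATTACK_SHARE = 0.7     # attribute share of attack traffic needed for a signature
SIG_BASELINE_SHARE = 0.05  # ... while being this rare in baseline traffic


def make_traffic():
    """Constructed records: (second, source IP, path, latency ms, user agent)."""
    recs = []
    for s in range(0, 60):                  # normal: 3 req/s /search, 1 req/s /home
        for i in range(3):
            recs.append((s, f"198.51.100.{(3 * s + i) % 50}", "/search", 80 + 7 * i, "Mozilla/5.0"))
        recs.append((s, f"198.51.100.{s % 50}", "/home", 40, "Mozilla/5.0"))
    for s in range(60, 70):                 # flash crowd: 12 req/s, server keeps up
        for i in range(12):
            recs.append((s, f"203.0.113.{(12 * s + i) % 200}", "/search", 85 + i % 10, "Mozilla/5.0"))
    for s in range(70, 80):                 # L7 flood from a tool: 30 req/s, latency x10
        for i in range(30):
            recs.append((s, f"192.0.2.{i % 20}", "/search", 900 + i, "python-requests/2.18"))
        for i in range(3):                  # real users caught in the slowdown
            recs.append((s, f"198.51.100.{i}", "/search", 850, "Mozilla/5.0"))
    return recs


def learn_baseline(records, learn_seconds=LEARN_SECONDS):
    """Per-path mean/std request rate, mean latency and user-agent mix."""
    per_sec, latency, agents = defaultdict(Counter), defaultdict(list), defaultdict(Counter)
    for sec, _, path, ms, ua in records:
        if sec < learn_seconds:
            per_sec[path][sec] += 1
            latency[path].append(ms)
            agents[path][ua] += 1
    baseline = {}
    for path in per_sec:
        rates = [per_sec[path].get(s, 0) for s in range(learn_seconds)]
        total = sum(agents[path].values())
        baseline[path] = {
            "rate_mean": mean(rates), "rate_std": pstdev(rates),
            "latency_mean": mean(latency[path]),
            "agent_share": {ua: n / total for ua, n in agents[path].items()},
        }
    return baseline


def build_signature(rows, path, base):
    """Dynamic signature: a user agent dominant in the attack but rare in baseline."""
    ua, n = Counter(r[4] for r in rows).most_common(1)[0]
    if n / len(rows) >= SIG_ATTACK_SHARE and base["agent_share"].get(ua, 0.0) <= SIG_BASELINE_SHARE:
        return {"path": path, "user_agent": ua}
    return None


def evaluate_window(records, baseline, start, length=WINDOW_SECONDS):
    """Score each path in the window; mitigate only on rate anomaly AND server stress."""
    by_path = defaultdict(list)
    for r in records:
        if start <= r[0] < start + length and r[2] in baseline:
            by_path[r[2]].append(r)
    findings = []
    for path, rows in by_path.items():
        base = baseline[path]
        rate = len(rows) / length
        limit = max(base["rate_mean"] + RATE_SIGMA * base["rate_std"],
                    RATE_MIN_FACTOR * base["rate_mean"])
        rate_anomaly = rate > limit
        server_stress = mean(r[3] for r in rows) > STRESS_FACTOR * base["latency_mean"]
        sig = build_signature(rows, path, base) if rate_anomaly and server_stress else None
        findings.append({"window": start, "path": path, "rate": rate, "rate_anomaly": rate_anomaly,
                         "server_stress": server_stress, "mitigate": sig is not None, "signature": sig})
    return findings


def signature_matches(record, signature):
    """Per-request enforcement check once a signature is active."""
    return record[2] == signature["path"] and record[4] == signature["user_agent"]


if __name__ == "__main__":
    traffic = make_traffic()
    base = learn_baseline(traffic)
    for start in (60, 70):
        print(evaluate_window(traffic, base, start))
```

The flash-crowd window trips the rate check at four times the baseline, so a threshold-only detector would start dropping legitimate browsers; the stress gate sees normal latency and holds off. In the flood window both conditions hold, and the derived signature matches the tool's requests while leaving the browser requests that share the same URL untouched, which is the property a real-time signature needs if mitigation is to be low-touch.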

What about customers who purchased ASM or Best within the last year?
F5 will have an internal program to migrate customers who recently purchased ASM and/or Best to Advanced WAF.

What happens to a customer's support contract after migrating to Advanced WAF?
Advanced WAF is a perpetual license and has an associated support subscription component.

Migration

How do existing F5 customers take advantage of Advanced WAF?
The following table depicts several scenarios for positioning F5 Advanced WAF:

| Customer Type            | What to Sell                | Available Add-ons (At Launch) *                |
|--------------------------|-----------------------------|------------------------------------------------|
| New Customer             | Advanced WAF                | Anti-bot mobile SDK, IP Intelligence           |
| ASM stand-alone / add-on | Upgrade to Advanced WAF     | Anti-bot mobile SDK, DataSafe, IP Intelligence |
| GBB (Best)               | Upgrade to Advanced WAF     | Anti-bot mobile SDK, DataSafe, IP Intelligence |
| LTM                      | LTM Add-on for Advanced WAF | Anti-bot mobile SDK, DataSafe, IP Intelligence |

* DataSafe is included in Advanced WAF

The following table depicts several scenarios for positioning F5 Advanced WAF:

| Target Customer | How to get Advanced WAF                      |
|-----------------|----------------------------------------------|
| Net New         | Buy Advanced WAF standalone or BIG-IP add-on |
| LTM Customers   | Advanced WAF add-on license SKU              |
| ASM Customers   | Advanced WAF Upgrade SKU                     |
| Best Customers  | Advanced WAF Upgrade license SKU             |

Advanced WAF is available for prospects and existing customers on supported platforms:
- Net new customers can buy Advanced WAF standalone or as an add-on to a BIG-IP solution
- BIG-IP customers can acquire Advanced WAF through an add-on license SKU*
- ASM standalone customers can upgrade to Advanced WAF with an upgrade license SKU
- Best customers can upgrade to Advanced WAF with an upgrade license SKU
Supported BIG-IP platforms include:
- iSeries i2x00, i4x00, i5x00, i7x00, i10x00, i11x00, i15x00
- BIG-IP 2000s/2200s, 4000s/4200v, 5050s/5250v, 705Xs/72XXv, 10XXXv/10X5Xs, 12250v
- VIPRION 2400 and 4400 series
- BIG-IP Virtual Edition in Private Cloud: 25 Mbps, 200 Mbps, 1 Gbps
- High Performance VE (8 cores, 12 cores, 16 cores)
- BIG-IP Virtual Edition in Public Cloud marketplaces (Amazon, Azure)
Note: Once licensed for Advanced WAF, F5 customers can add the Anti-Bot Mobile SDK through an Add-on license SKU.
Note: Support for the Google Cloud Platform is coming soon.

Is ASM going away?
ASM is a subset of Advanced WAF. No, ASM features are not going away. ASM will continue to be offered in Good-Better-Best and remains a key differentiator against core F5 ADC competitors.
Advanced WAF furthers F5 security differentiation. ASM stand-alone products and ASM add-ons will be replaced by the new Advanced WAF offers.

Can my existing ASM customers upgrade to Advanced WAF?
Yes. F5 will offer an upgrade path for existing ASM customers who want to move to Advanced WAF.

Can my existing GBB customers upgrade to Advanced WAF?
Yes. F5 will offer an upgrade path for existing Best customers who want to move to Advanced WAF through an Advanced WAF add-on license SKU. Advanced WAF provides protection beyond ASM and Best, including application layer encryption, mobile bot defense, and behavioral DoS support for all services.

Pricing

How do customers purchase Advanced WAF?
Please contact your preferred distributor for pricing.

Resources

Where can I find additional Advanced WAF resources?
Visit Partner Central (https://partners.f5.com/Solutions/AdvancedWAF) for additional resources, including:
- Partner Sales Play
- Quick Reference Guide
Coming soon: eLearning, recorded demo, and recorded webinars.
