What is a web application firewall (WAF)?
A web application firewall (WAF) protects web applications from attacks over the Hypertext Transfer Protocol (HTTP). The typical attack vectors for web applications are described in the OWASP Top 10 and include injection attacks (SQL, command, LDAP, script or XPath injection), cross-site scripting (XSS), hidden field tampering, parameter tampering, cookie poisoning, forceful browsing and buffer overflows. A WAF provides upstream protection against these attacks.
WAF is a part of "WAAP"
The boundaries between web applications and APIs are becoming increasingly blurred, because modern web applications use REST APIs to provide a fast and convincing user experience. The security of web applications and the security of APIs should therefore not be considered in isolation. WAF functions and API security belong together, and they are being merged in Web Application and API Protection (WAAP) solutions.