What is a WAF and How Are They Different from Traditional Firewalls - Linux Security Podcast Ep. 5

Web application firewalls (WAF) are a specialized form of firewall designed to protect applications from internet-based attacks. Firewalls must be lightweight to ensure people can quickly get onto the internet and data can be returned, but WAFs are much more sophisticated. They need to interact with data coming from the web server and the user and analyze it in ways that a traditional firewall cannot. It is an application itself. Atomicorp CEO and long-time Modsecurity contributor Mike Shinn talks about these differences, good and bad WAF attributes, software-based WAFs, the role of rules in making a WAF effective and the origin of the open source WAF Modsecurity.