Web Application FirewallsCloudFlare1https://dudodiprj2sv7.cloudfront.net/vendor-logos/hX/QA/OZAMPT25VJ8G-180x180.PNGF5 BIG-IP2https://dudodiprj2sv7.cloudfront.net/product-logos/U4/Ku/WHB53XESVVQ0.pngOracle Dyn Web Application Security Platform3https://dudodiprj2sv7.cloudfront.net/vendor-logos/VC/02/T4E108T4IWP2-180x180.PNGImperva SecureSphere4https://dudodiprj2sv7.cloudfront.net/vendor-logos/wj/8c/GTC0CZNNPNL3-180x180.JPEGBarracuda Web Application Firewall5https://dudodiprj2sv7.cloudfront.net/vendor-logos/cV/TT/VZW5UWK3DW36-180x180.JPEGIncapsula6https://dudodiprj2sv7.cloudfront.net/product-logos/0F/m6/BSLRQCWZREWB.JPEGAWS WAF7https://dudodiprj2sv7.cloudfront.net/vendor-logos/LY/YM/1TDXH4LPI5BH-180x180.JPEGStackPath (formerly Highwinds) CDN8https://dudodiprj2sv7.cloudfront.net/vendor-logos/Zf/Ro/C833JTPNV0V0-180x180.JPEGAkamai Kona Site Defender9https://dudodiprj2sv7.cloudfront.net/vendor-logos/0L/gn/TJ3U6QN0XGQ1.jpegFortiWeb10https://dudodiprj2sv7.cloudfront.net/vendor-logos/MZ/NA/I0WLZ36A46RB-180x180.JPEGF5 Silverline Web Application Firewall11https://dudodiprj2sv7.cloudfront.net/vendor-logos/oO/bi/C802NVLZVC9G.pngPT Application Firewall12https://dudodiprj2sv7.cloudfront.net/vendor-logos/Yw/Np/67WNFAT6EKTO-180x180.JPEGRadware AppWall13https://dudodiprj2sv7.cloudfront.net/vendor-logos/cZ/2O/U47QJGVT4AV6-180x180.JPEGR&S Web Application Firewall14https://dudodiprj2sv7.cloudfront.net/vendor-logos/t1/03/GW9B3JVCDZK1-180x180.JPEGWAPPLES15https://dudodiprj2sv7.cloudfront.net/product-logos/cM/wq/8117VCCVTFJN.JPEGCenturyLink Web Application Firewall (WAF)16https://dudodiprj2sv7.cloudfront.net/vendor-logos/OK/UO/KTW2ZSTJRMM2-180x180.JPEG

Web Application Firewalls

Web Application Firewall (WAF) Overview

What are Web Application Firewalls (WAFs)?

Web Application Firewalls (WAFs) hel protect externally-facing web applications. WAFs are part of a layered cybersecurity strategy. It falls to the WAF to prevent zero-day attacks on web apps and APIs that potentially reside in serverless architecture.

In 2006 the Payment Card Industry Data Security Standard (PCI DSS) mandated the protection of applications in production environments with web application firewalls or other devices that provide similar functionality.

Web Application Firewall (WAF) Features & Capabilities

WAFs protect web applications against threats such as:

  • Cross-site scripting

  • SQL injection

  • Session hijacking

  • Denial of service

  • Buffer overflows

WAFs generally present the following features:

  • Libraries of attack data based on known attacks to web applications

  • Monitoring, filtering and blocking of data and access to web applications

  • Automated attack detection, both identity-based (e.g. dynamic whitelisting, fingerprinting, risk scoring) and behavioral (e.g. risk scoring)

  • Advanced security techniques (e.g. deception/misdirection, virtual patch deployment, honeypot)

  • Zero-day attack prevention (related to the above)

  • A management interface with alert system

  • Reporting and analytics on threat and application usage

Pricing Information

The cost of web application firewalls depends on deployment. There are three options:

  1. A managed service or cloud-hosted WAF delivered as part of a subscription. This can be relatively low overhead as part of a larger subscription (e.g. part of a CDN). But it also may contain unneeded features.

  2. A network-based appliance. This presents relatively high overhead but reduces latency because it is installed locally and close to the application.

  3. A host-based WAF residing in the application’s code. This is rarer and may present less desirable computing costs and greater maintenance.

Web Application Firewalls Products

Listings (1-16 of 16)


43 Ratings

CloudFlare, from the company of the same name in San Francisco, provides DDoS security to business domains, as well as a content delivery network (CDN) and web application firewall (WAF).


20 Ratings

F5 BIG-IP from Seattle-based F5 Networks is a SSL VPN solution and suite of products supporting a wide range of security and application performance needs. The suite includes BIG-IP Local Traffic Manager (LTM) traffic management and optimization, BIG-IP DNS, BIG-IP Access Policy Manager (APM)...

Oracle Dyn Web Application Security Platform

5 Ratings

Oracle Dyn Web Application Security Platform extends beyond just typical Web Application Firewall (WAF) capabilities to offer Access Control, Bot Management, application DDoS protection and API security.

Imperva SecureSphere

5 Ratings

SecureSphere from Imperva in California is an enterprise application and file security suite, combining database and file security management and monitoring under its database and file security products with the SecureSphere Web Application Firewall, and provides total visibility through its...

Barracuda Web Application Firewall

8 Ratings

Barracuda Web Application Firewall, from Barracuda Networks in Campbell, California, protects web applications from bots, DDoS attacks, and other advanced threats to enterprise apps.


3 Ratings

Incapsula, a Content Delivery Network (CDN) serivce was acquired by Imperva in 2014, and supplies users with DDoS protection and web application firewall (WAF).


2 Ratings

Amazon Web Services offers AWS WAF (web application firewall) to protect web applications from malicious behavior that might impede the applications functioning and performance, with customizable rules to prevent known harmful behaviors and an API for creating and deploying web security rules.

StackPath (formerly Highwinds) CDN

We don't have enough ratings and reviews to provide an overall score.

The StackPath (formerly Highwinds) Content Delivery Network provides a scalable DNS with load balancing, traffic management, DDoS protection and Web Application Firewall (WAF) to support and protect enterprise websites and applications.

Akamai Kona Site Defender

We don't have enough ratings and reviews to provide an overall score.

Akamai offers their web application firewall and application security applications, including Kona Site Defender, a web application security platform designed to protect web and mobile assets from targeted web application attacks and DDoS attacks while improving performance.


We don't have enough ratings and reviews to provide an overall score.

FortiWeb is Fortinet's web application security system (or web application firewall, WAF) featuring advanced vulnerability management and threat detection and prevention, available in deployment as an appliance or virtual appliance, also as a hosted or a cloud-based virtual solution.

F5 Silverline Web Application Firewall

We don't have enough ratings and reviews to provide an overall score.

F5 Networks offers the Silverline Web Application Firewall (WAF) as a self-managed or managed option as a subscription service based on number of fully qualified domain names (FQDN) supported.

PT Application Firewall

We don't have enough ratings and reviews to provide an overall score.

Positive Technologies headquartered in Framingham offers the PT Application Firewall (AF), a web application firewall (WAF) which uses advanced machine learning and correlative techniques to detecting and prevent zero-day attacks on enterprise apps.

Radware AppWall

We don't have enough ratings and reviews to provide an overall score.

Radware offers AppWall, a PCI compliant web application firewall (WAF) securing corporate networks and the cloud against web app attacks.

R&S Web Application Firewall

We don't have enough ratings and reviews to provide an overall score.

German company Rohde & Schwarz offers the R&S Web Application Firewall to protect enterprise apps against data leakage, disablement, identity theft and intrusion.


We don't have enough ratings and reviews to provide an overall score.

WAPPLES utilizes an intelligent detection engine to protect enterprise from advanced web-based attacks, including SQL injections, DDoS, and APTs. The vendor says that WAPPLES’ ease of deployment and low operational workload have been cited as main reasons for high customer satisfaction. WAPPLES is...

CenturyLink Web Application Firewall (WAF)

We don't have enough ratings and reviews to provide an overall score.

CenturyLink® Web Application Firewall (WAF) delivers substantial web application protection from attacks and helps prevent costly data breaches and downtime. WAF delivers dynamic ongoing website protection, allowing application transactions only from authorized users and protecting critical data...