Web Application Firewalls

Best Web Application Firewalls include:

Barracuda Web Application Firewall, NGINX, and AWS WAF.

Web Application Firewalls  TrustMap

TrustMaps are two-dimensional charts that compare products based on trScore and research frequency by prospective buyers. Products must have 10 or more ratings to appear on this TrustMap.

Web Application Firewalls Overview

What are Web Application Firewalls (WAFs)?

Web Application Firewalls (WAFs) help protect externally-facing web applications. WAFs are part of a layered cybersecurity strategy. It falls to the WAF to prevent zero-day attacks on web apps and APIs that potentially reside in serverless architecture.

In 2006 the Payment Card Industry Data Security Standard (PCI DSS) mandated the protection of applications in production environments with web application firewalls or other devices that provide similar functionality.

Web Application Firewall (WAF) Features & Capabilities


WAFs protect web applications against threats such as:

  • Cross-site scripting

  • SQL injection

  • Session hijacking

  • Denial of service

  • Buffer overflows


WAFs generally present the following features:


  • Libraries of attack data based on known attacks to web applications

  • Monitoring, filtering and blocking of data and access to web applications

  • Automated attack detection, both identity-based (e.g. dynamic whitelisting, fingerprinting, risk scoring) and behavioral (e.g. risk scoring)

  • Advanced security techniques (e.g. deception/misdirection, virtual patch deployment, honeypot)

  • Zero-day attack prevention (related to the above)

  • A management interface with alert system

  • Reporting and analytics on threat and application usage

Pricing Information

The cost of web application firewalls depends on deployment. There are three options:

  1. A managed service or cloud-hosted WAF delivered as part of a subscription. This can be relatively low overhead as part of a larger subscription (e.g. part of a CDN). But it also may contain unneeded features.

  2. A network-based appliance. This presents relatively high overhead but reduces latency because it is installed locally and close to the application.

  3. A host-based WAF residing in the application’s code. This is rarer and may present less desirable computing costs and greater maintenance.

Web Application Firewalls Products

(1-25 of 44) Sorted by Most Reviews

NGINX

NGINX, a business unit of F5 Networks, powers over 65% of the world's busiest websites and web applications. NGINX started out as an open source web server and reverse proxy, built to be faster and more efficient than Apache. Over the years, NGINX has built a suite of infrastructure…

Cloudflare

Cloudflare

Top Rated
Starting Price $20

Cloudflare, from the company of the same name in San Francisco, provides DDoS and bot mitigation security for business domains, as well as a content delivery network (CDN) and web application firewall (WAF).

F5 BIG-IP

F5 BIG-IP software from Seattle-based F5 Networks is a load balancing and application protection solution suite available on cloud or via virtual editions, on a subscription or perpetual licensing basis. The BIG-IP suite of products supports a wide range of security and application…

AWS WAF

AWS WAF

Starting Price $0.60

Amazon Web Services offers AWS WAF (web application firewall) to protect web applications from malicious behavior that might impede the applications functioning and performance, with customizable rules to prevent known harmful behaviors and an API for creating and deploying web security…

Oracle Dyn Web Application Security Platform

Oracle Dyn Web Application Security Platform extends beyond just typical Web Application Firewall (WAF) capabilities to offer Access Control, Bot Management, application DDoS protection and API security.

Barracuda Web Application Firewall

Barracuda Web Application Firewall, from Barracuda Networks in Campbell, California, protects web applications from bots, DDoS attacks, and other advanced threats to enterprise apps.

StackPath (formerly Highwinds) CDN

The StackPath (formerly Highwinds) Content Delivery Network provides a scalable DNS with load balancing, traffic management, DDoS protection and Web Application Firewall (WAF) to support and protect enterprise websites and applications.

Imperva Web Application Firewall (WAF)

The Imperva Web Application Firewall (WAF) is based on technology acquired with Incapsula and the former WebSphere WAF.

SonicWall Web Application Firewall

SonicWall offers their WAF Series, of web application firewalls.

Comodo cWatch

Comodo Cybersecurity headquartered in Clifton offers cWatch, a website malware and vulnerability scanner that provides content filtering as well at the free service level, and at paid premium subscription levels supplies WAF, DDoS protection, as well as load balancing and website…

Azure Application Gateway

Microsoft's Azure Application Gateway is a platform-managed, scalable, and highly available application delivery controller as a service with integrated web application firewall.

Managed Web Application Firewall, part of Alert Logic Enterprise

Alert Logic's Managed Web Application Firewall, formerly available as Alert Logic Web Security Manager, is presented as a highly tunable, enterprise-grade, web application firewall (WAF) that comes with its own security experts to eliminate management overhead and complexity. The…

Cloudbric

Cloudbric is a cloud-based web security provider, offering a Web Application Firewall (WAF), DDoS protection, and SSL. Its WAF component protects web applications from the most critical web app security risks as identified by OWASP, including DDoS attack, SQL injection, and cross-…

R&S Web Application Firewall

German company Rohde & Schwarz offers the R&S Web Application Firewall to protect enterprise apps against data leakage, disablement, identity theft and intrusion.

Radware AppWall

Radware offers AppWall, a PCI compliant web application firewall (WAF) securing corporate networks and the cloud against web app attacks.

PT Application Firewall

Positive Technologies headquartered in Framingham offers the PT Application Firewall (AF), a web application firewall (WAF) which uses advanced machine learning and correlative techniques to detecting and prevent zero-day attacks on enterprise apps.

WAPPLES

WAPPLES utilizes an intelligent detection engine to protect enterprise from advanced web-based attacks, including SQL injections, DDoS, and APTs. The vendor says that WAPPLES’ ease of deployment and low operational workload have been cited as main reasons for high customer satisfaction.…

Qualys Web Application Firewall (WAF)

Qualys offers their Web Application Firewall (WAF), available on its own or as part of the Qualys Cloud Platform network and application vulnerability management suite.

CenturyLink Web Application Firewall (WAF)

CenturyLink® Web Application Firewall (WAF) delivers substantial web application protection from attacks and helps prevent costly data breaches and downtime. WAF delivers dynamic ongoing website protection, allowing application transactions only from authorized users and protecting…

Bekchy

Bekchy is a cloud-based web application firewall, developed by Faydata Information Technologies Inc. Bekchy works in front of all web application servers. According to the vendor, Bekchy is used by finance, health, education, tourism and media sectors. It provides basic and advanced…

Instart Web Security

Instart Web Security is designed to secure your web apps from the dangers of the public web. All entry points into your application servers, whether it be your website, your APIs, or your web apps can be protected and secured with Instart Web Security. Instart provides protection…

Limelight Cloud Security

Limelight Cloud Security is a content access and permission management solution with web application firewall and DDoS protection, providing a digital rights management (DRM) solution for video content.

Wallarm

Protect any API. In any environment. Against any threats. OWASP Top-10, OWASP Top-10 API, and 0-days threats. Wallarm is a platform used by Dev, Sec, and Ops teams to build cloud-native applications securely, monitor them for modern threats, and get alerted when threats arise.…

Reblaze

Reblaze is a comprehensive web security solution from the company of the same name in Sunnyvale. It includes DDoS protection, intrusion prevention, bot mitigation, and can be extended with web application firewall (WAF), anti-scraping, as well as CDN integration with autoscaling,…