20.2.1. Web Application Firewall


20.2 Secure Development


6 Terms

1

WAF

- (Web Application Firewall):

- A digital bouncer for your website.

- It sits in front of your web app, checking all incoming web traffic.

- Its job is to block common online attacks, especially those trying to send malicious code or data to your app.

2

### 🛠 What Does a WAF Protect Against?

- Cross-Site Scripting (XSS)

- SQL Injection (SQLi)

- Information Disclosure

- Other OWASP Top 10 vulnerabilities

3

XSS

**Cross-Site Scripting**

A type of attack where a hacker injects malicious code (usually JavaScript) into a legitimate website, which then runs in other users' web browsers without their knowledge, often to steal information.

Attacks the user's browser, trying to steal their info or control their web experience.

4

Information Disclosure

A security flaw where an application or system accidentally reveals sensitive data (like error messages with internal details, or private user information) to people who shouldn't see it.

5

OWASP

(Open Worldwide Application Security Project):

A global group of security experts who create free tools and guides to help make software safer.

6

SQL Injection

An attack where a hacker inserts malicious code into data inputs (like a login form) to trick a website's database into revealing, changing, or deleting sensitive information.

Attacks the website's back-end database, trying to steal or mess with stored data.