Subscribe to the Salt blog

Privacy Policy

Learn about the Salt + CrowdStrike Falcon integration

Learn more

WAFs, What Are They Good For?

Chris WestphalChris Westphal
Jul 16, 2020

Get ready for episode number 3 of our video series called API Security With A Pinch Of Salt. In this episode, Adam and Chris answer the question – WAFs, what are they good for?

Learn why apps are built on APIs, the security risk APIs present, and best practices for securing APIs.

The first dedicated WAF was introduced to the market in 1997 by Perfecto Technologies with their AppShield product. Perfecto, renamed as Sanctum, is also credited with defining the first top ten list of web application hacking techniques which, at the time, included:

  • Hidden field manipulation
  • Cookie poisoning
  • Parameter tampering
  • Buffer overflow
  • Cross site scripting (XSS)
  • Backdoor or debug options
  • Stealth commanding
  • Forced browsing
  • Third party misconfigurations
  • Known vulnerabilities

This list evolved into the OWASP Top Ten, first published in 2003, and since then we’ve seen both the Top 10 and WAFs evolve to keep up with the latest and greatest threats to applications over the years.

Fast forward to 2019 and the OWASP community decided that API vulnerabilities are unique enough that it was time to define a Top 10 list specific to API-based applications and API Security.

So the question is – how does the WAF stand up as APIs have increasingly become the centerpiece of applications and a primary target for attackers? Check out the video to hear what we think and let us know your thoughts in the comments below.

Tags

API Security Strategy
API Security 101
Go back to blog
Oh-Auth - Abusing OAuth to take over millions of accounts

Oh-Auth - Abusing OAuth to take over millions of accounts

It’s extremely important to make sure your OAuth implementation is secure. The fix is just one line of code away. We sincerely hope the information shared in our blog post series will help prevent major online breaches and help web service owners better protect their customers and users.

Aviad Carmel
October 24, 2023
Salt Security Update - Situation in Israel October 2023

Salt Security Update - Situation in Israel October 2023

We want to thank our customers, partners and friends for the calls and messages to our team showing your concern and support.

Roey Eliyahu
October 11, 2023
Awards Season Never Stops at Salt!

Awards Season Never Stops at Salt!

Salt continues to receive accolades for the Salt Security API Protection Platform – all year round! This time we have been honored with the “Best API Security” award in the 2023 API Awards.

Michelle McLean
September 21, 2023

Download this guide for advice on evaluating key capabilities in API Security

Learn everything you need to know to keep your APIs secure

Get the guide
Close
Back