Subscribe to the Salt blog to learn about the latest developments in API Security

Blog Post

WAFs, What Are They Good For?

Chris WestphalChris Westphal
Jul 16, 2020

Get ready for episode number 3 of our video series called API Security With A Pinch Of Salt. In this episode, Adam and Chris answer the question – WAFs, what are they good for?

Learn why apps are built on APIs, the security risk APIs present, and best practices for securing APIs.

The first dedicated WAF was introduced to the market in 1997 by Perfecto Technologies with their AppShield product. Perfecto, renamed as Sanctum, is also credited with defining the first top ten list of web application hacking techniques which, at the time, included:

  • Hidden field manipulation
  • Cookie poisoning
  • Parameter tampering
  • Buffer overflow
  • Cross site scripting (XSS)
  • Backdoor or debug options
  • Stealth commanding
  • Forced browsing
  • Third party misconfigurations
  • Known vulnerabilities

This list evolved into the OWASP Top Ten, first published in 2003, and since then we’ve seen both the Top 10 and WAFs evolve to keep up with the latest and greatest threats to applications over the years.

Fast forward to 2019 and the OWASP community decided that API vulnerabilities are unique enough that it was time to define a Top 10 list specific to API-based applications and API Security.

So the question is – how does the WAF stand up as APIs have increasingly become the centerpiece of applications and a primary target for attackers? Check out the video to hear what we think and let us know your thoughts in the comments below.

If you’re interested in seeing the Salt Security API Protection Platform in action, contact us for a customized demo today!

Tags

Salt Security Blog

Sign up for the Salt Newsletter for the latest resources and blog posts.

June 18, 2024

Salt Labs
Research Team

Salt Labs

Increasing API Traffic, Proliferating Attack Activity and Lack of Maturity: Key Findings from Salt Security’s 2024 State of API Security Report

The latest Salt Security State of API Security Report is out now, and we’re thrilled to give a little sneak peek of its contents.

Read more

June 12, 2024

Elad Hoffer
Head of Product R/T Protection

Product

Salt Security Leading the Way in AI-Driven API Security for Next-Generation Threat Protection and Attacker Insights

Learn how the recent introduction of advanced LLM-driven attacker insights further solidifies Salt's position as a leader in API security solutions.

Read more

June 7, 2024

Eric Schwake
Head of Product Marketing

A Salt Security Perspective on the 2024 Gartner® Market Guide for API Protection

Salt Security's API Protection Platform is AI-infused and designed to address the challenges outlined in the Gartner report.

Read more

Download this guide for advice on evaluating key capabilities in API Security

Learn everything you need to know to keep your APIs secure

Get the guide
Back