Application firewall
An application firewall is a cybersecurity control designed to protect web applications and APIs by monitoring and filtering traffic at the application layer (Layer 7) of the OSI model. Unlike traditional network firewalls, which operate at lower layers and inspect IP addresses and ports, an application firewall has deep contextual awareness of application-specific protocols and data formats such as HTTP/S, XML, and JSON. This enables it to analyze the actual content, payload, and operational logic of communications and to identify patterns indicative of attacks.
As a critical component of network and infrastructure security, an application firewall defends against sophisticated application-layer threats, including SQL injection, cross-site scripting (XSS), broken authentication, and denial-of-service attacks, that bypass lower-level defenses. Through deep packet inspection and enforcement of granular security policies, it prevents malicious requests from exploiting vulnerabilities, which safeguards sensitive data, maintains application availability, and strengthens an organization's overall security posture.
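The contrast between a port-based decision and Layer 7 content inspection, as an added example that is not taken from any product or from this page: the function names, the allowed port and the two signatures are hypothetical, and the sample requests are constructed.

```python
import json
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical policy and signatures, kept deliberately small for illustration.
ALLOWED_PORTS = {443}
SIGNATURES = {
    "sql_injection": re.compile(r"(?i)\bunion\b.+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+"),
    "xss": re.compile(r"(?i)<\s*script\b|javascript:"),
}

def network_layer_allows(src_ip, dst_port):
    """Lower-layer view: only addresses and ports are visible, not content."""
    return dst_port in ALLOWED_PORTS

def _json_strings(value):
    """Yield every key and string value in a parsed JSON document."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, dict):
        for key, item in value.items():
            yield key
            yield from _json_strings(item)
    elif isinstance(value, list):
        for item in value:
            yield from _json_strings(item)

def inspect_request(method, target, headers, body):
    """Layer 7 view: decode the request, then match each field against signatures.

    Assumes header names are already lower-cased. Returns (location, signature) pairs.
    """
    query = urlsplit(target).query
    fields = [(f"query:{k}", v) for k, v in parse_qsl(query, keep_blank_values=True)]
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype == "application/json" and body:
        try:
            fields += [("json", s) for s in _json_strings(json.loads(body))]
        except ValueError:
            return [("body", "malformed_json")]  # fail closed on unparseable payloads
    elif ctype == "application/x-www-form-urlencoded":
        fields += [(f"form:{k}", v) for k, v in parse_qsl(body, keep_blank_values=True)]
    return [(loc, name) for loc, val in fields
            for name, rx in SIGNATURES.items() if rx.search(val)]

if __name__ == "__main__":
    # Constructed request: passes the port check, flagged once the query is URL-decoded.
    print(network_layer_allows("203.0.113.7", 443))
    print(inspect_request("GET", "/search?q=%27%20OR%20%271%27%3D%271", {}, ""))
```

Both checks see the same request; only the second one decodes the query string and JSON body before deciding, which is why the benign `union+station` search below the signature threshold is left alone while the encoded payload is flagged.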