Application Control & Change Control | Database | Email Archiving | Other | SIEM | Vulnerability Scanners | Web Application Firewalls




Web Application Firewall Solutions & Vendors

The purpose of a Web Application Firewall (WAF) is to protect against attacks directed towards websites. Common attacks include cross site scripting, SQL injection, Command injection, buffer overflow, cookie poisoning and there are many more. PCI DSS is a huge driver for organisations investing in WAF solutions.

WAF solutions use many clever techniques to protect web services against such attacks, some of which include, protection against file injection, command injection, ajax application security, cold fusion, PHP, SQL injections, encrypting session cookies, enforcing buffer limits, preventing cyber criminals from inserting malicious scripts into the website URL and headers, inspecting specific application layer traffic for malicious threats, providing anti-virus checking for files being uploaded, providing XML security for web 2.0 sites.

Some WAF solutions also provide built in application acceleration and load balancing of traffic for server farms.




acunetix specialises in web application security and provides a web vulnerability scanner.


Armorize Appsec Suite is a suite of web application security solutions. CodeSecure analyses static code and software verification and more. HackAlert is a cloud based alerting system for websites and advertisements. Finally SmartWAF is a web application firewall solution.

AppliCure Technologies is a dedicated web application security vendor and offers a web application firewall as a software platform known as dotDefender.


ArmorLogic is focussed on web application and website security and has a web application firewall known as Profense.


Art of defence provides web application security and a WAF plugin for apache and Microsoft server known as hyperguard.


Barracuda has a portfolio of network security products and services in the cloud as well as other solutions. Barracuda provides a dedicated web application firewall product.


Citrix Netscaler is an application acceleration, load balancer and web security product all in one.


Cisco is a leading networking and collaboration solutions vendor and offers a Cisco Ace Web Application Firewall.


eEye Digital Security provides web security through their SecureIIS solution.


eEye Digital Security is a specialist in vulnerability management and has a web security scanner and built in reporting functionality looking for web application vulnerabilities.


F5 known for its application delivery solutions and web security also provide a dedicated web application firewall.


Fortinet is a network security vendor and provides a web application firewall with a built in vulnerability scanner solution.


Forum Systems offers a product known as FORUM SENTRY Web Application Firewall for enterprises. Forum Systems is a provider of trust management, threat protection and information assurance solutions.


Imperva offers web application security in their web application firewall and ThreatRadar solutions.


NSFOCUS Information Technology is a network and application security vendor. NSFOCUS delivers a Web Application Firewall solution.


Port80 Software is a provider of security and performance technology for Microsoft's Internet Information Services (IIS) Web server application.


Privacyware provides a web application firewall and intrusion prevention for Microsoft IIS known as ThreatSentry.


QUALYS delivers IT security risk and compliance management solutions and offers a dedicated web application security assessment and reporting scanner.


Quotium Technologies delivers a web application security solution.


Radware is a vendor with a focus in integrated application delivery solutions and has a product known as AppWall that is a dedicated web application firewall solution.


Rapid7 is a provider of unified vulnerability management, compliance and penetration testing solutions and offers a dedicated web application scanner.


Trustwave acquired Breach Security and so along with its other security solutions also offers a WAF solution.


Zeus Application Firewall module can be integrated into their Traffic Manager application delivery controller solution providing load balancing and a WAF into one product.