From the course: Dynamic Application Security Testing

Web application firewalls

- [Instructor] Web application firewalls are defensive technologies that are designed to detect and block potentially malicious application traffic. As an application security tester, you need to know how to identify, and in some cases, circumvent these web application firewalls. Keep in mind, a web application firewall is not the same thing as a network firewall. A network firewall is often a physical or virtual device that sits between a client system and a server network, filtering out network traffic that isn't allowed to pass between those two networks. This filtering is primarily done on network protocols, port numbers, or IP addresses. A web application firewall performs a similar filtering function, but it can see much, much deeper into the data. Web application firewalls inspect all HTTP and HTTPS traffic, looking for potentially malicious strings of text in URLs and in HTTP headers. By inspecting this web…
