By inspecting HTTP traffic, a WAF can prevent attacks exploiting a web application's known vulnerabilities, such as SQL injection, cross-site scripting (XSS), file inclusion, and improper system configuration.[1]
Most of the major financial institutions use WAFs to help mitigate web application 'zero-day' vulnerabilities, as well as hard-to-patch bugs or weaknesses, through custom attack signature strings.
Early WAF products, from Kavado and Gilian Technologies, were available, trying to address the increasing number of attacks on web applications in the late 90s.
In 2002, the open source project ModSecurity[3] was formed to make WAF technology more accessible.
It is deployed in front of web applications and analyzes bi-directional web-based (HTTP) traffic - detecting and blocking anything malicious.
It may be a stand-alone device or integrated into other network components.”[9] In other words, a WAF can be a virtual or physical appliance that prevents vulnerabilities in web applications from being exploited by outside threats.[11]
WAFs use a combination of rule-based logic, parsing, and signatures to detect and prevent attacks such as cross-site scripting and SQL injection.
JA3, developed by Salesforce and later open-sourced,[16] is a technique for generating a unique fingerprint for SSL/TLS traffic based on specific fields in the handshake, such as the version, cipher suites, and extensions used by the client.
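
The JA3 computation described above, as an added example that is not from the original page or from Salesforce's code. It follows the published JA3 format (decimal version, cipher suites, extensions, supported groups and point formats, GREASE values dropped, MD5 of the result); `build_hello` and the `SAMPLE` ClientHello are constructed for illustration.

```python
import hashlib
import struct

# GREASE values (RFC 8701) are randomised per connection; JA3 ignores them.
GREASE = {0x0A0A + 0x1010 * i for i in range(16)}

def ja3_string(hello: bytes) -> str:
    """JA3 string from a raw ClientHello handshake message (raises on truncated input)."""
    pos = 4                                        # skip msg type (1) + length (3)
    version = struct.unpack_from("!H", hello, pos)[0]
    pos += 2 + 32                                  # version + client random
    pos += 1 + hello[pos]                          # session id
    n = struct.unpack_from("!H", hello, pos)[0]
    ciphers = struct.unpack_from(f"!{n // 2}H", hello, pos + 2)
    pos += 2 + n
    pos += 1 + hello[pos]                          # compression methods
    exts, groups, formats = [], [], []
    if pos + 2 <= len(hello):                      # extensions block is optional
        end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", hello, pos)
            body = hello[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            exts.append(etype)
            if etype == 10 and len(body) >= 2:     # supported_groups
                groups = struct.unpack_from(f"!{(len(body) - 2) // 2}H", body, 2)
            elif etype == 11:                      # ec_point_formats
                formats = body[1:]
    dec = lambda vals: "-".join(str(v) for v in vals if v not in GREASE)
    return ",".join([str(version), dec(ciphers), dec(exts), dec(groups), dec(formats)])

def ja3_hash(hello: bytes) -> str:
    # MD5 is only a compact identifier here, not a security control.
    return hashlib.md5(ja3_string(hello).encode()).hexdigest()

def build_hello(ciphers, extensions) -> bytes:
    """Constructed sample input: minimal TLS 1.2 ClientHello, zero random, no session id."""
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (struct.pack("!H", 0x0303) + bytes(32) + b"\x00"
            + struct.pack(f"!H{len(ciphers)}H", 2 * len(ciphers), *ciphers)
            + b"\x01\x00" + struct.pack("!H", len(ext)) + ext)
    return b"\x01" + len(body).to_bytes(3, "big") + body

# Constructed: GREASE cipher and extension, x25519 + secp256r1, uncompressed points.
SAMPLE = build_hello([0x1A1A, 0x1301, 0xC02F],
                     [(0x0A0A, b""), (10, b"\x00\x04\x00\x1d\x00\x17"),
                      (11, b"\x01\x00"), (35, b"")])

if __name__ == "__main__":
    print(ja3_string(SAMPLE), ja3_hash(SAMPLE))
```

Because the hash depends on the order of cipher suites and extensions, it identifies the client's TLS stack rather than an individual user: every client built on the same library and settings yields the same value.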