Jason Pappalexis, John Whetstone, Will Fisher, Mike Spanbauer
Web application firewalls (WAFs) are used to protect web applications against a range of attack types, such as cross-site scripting (CSS), SQL injection, and buffer overflows. WAFs protect companies that do business on the web from data breaches, which can put consumers at risk for fraud and lead to loss of customer confidence, both of which can directly impact revenue. To maintain PCI DSS compliance, companies must either assess and resolve Internet-facing application vulnerabilities, or deploy a WAF.
WHAT’S IN THIS REPORT:
- Product scope, alternatives, deployment, and purchase authority
- Metrics on product use within the enterprise
- Who manages WAFs? (breakdown by organization size)
- Who uses API controls? (breakdown by organization size)
- Enterprise challenges
ABOUT THIS STUDY:
Part of a series on security controls deployed by US enterprises, this brief includes current usage statistics for WAFs within small and medium-sized enterprises (SMEs), large enterprises (LEs), and very large enterprises (VLEs).?