WAF and Application Security Terms
- WAF (Web Application Firewall): A security solution that monitors and filters HTTP traffic between a web application and the Internet, specifically protecting Layer 7.
- Layer 7: The Application Layer of the OSI model, targeted by attacks like SQL Injection and XSS.
- Zero-Day Exploit: A security vulnerability known by attackers before the software vendor is aware of it or releases a patch.
- Virtual Patching: The application of a security rule by a WAF to prevent the exploitation of a known vulnerability without changing the application code itself.
DDoS and Network Terms
- DDoS (Distributed Denial-of-Service): A malicious attempt to disrupt the normal traffic of a targeted server by overwhelming the target with a flood of Internet traffic from multiple compromised computer systems.
- Layer 7 DDoS: An attack focused on exhausting the resources of the target application (CPU, RAM, database) by sending small, frequent, and legitimate-looking requests.
- Volumetric Attack: A Layer 3/4 DDoS attack designed to overwhelm the network bandwidth of the target.