Web Application Firewall - WAF (Vision)
## Problem to solve

When an app is deployed to production, it is subject to attacks of any kind. One of the most common attack vectors is the web interface: malicious users can send many requests to find possible vulnerabilities due to misconfiguration of the service or to insecure handling of dynamic content (e.g., search queries). These kinds of problems can be tested for before deployment and can also be monitored with regular scans, but most of the attacks can be prevented by looking for common patterns. Instead of discovering that your production app is vulnerable when it is too late, you should be able to block the attack as soon as it arrives.

## Proposal

That's where a Web Application Firewall comes in. It is an intermediate layer between the web requests and your application that intercepts and analyzes what is in the payload, looking for signs of malicious content like SQL injections or XSS, and classifies each request based on its score and the acceptable value. It may be configured in two different ways:

1. the request is allowed, but a log is created with the violation details
2. the request is blocked and an error is returned to the caller by the WAF

The first case is totally safe and doesn't impact the application. In the second case, the user application doesn't receive the payload at all, and cannot be compromised. But false positives can block legitimate requests, so this mode should be carefully evaluated.
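The scoring and the two operating modes described above, as an added example that is not part of this epic or of any WAF product: a few constructed, illustrative signatures are summed into an anomaly score, and the `inspect` function either logs the violation (detect mode) or refuses the request before the application sees it (block mode). The rule names, weights and the `threshold`/`mode` parameters are assumptions made for the illustration.

```python
import logging
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote_plus

log = logging.getLogger("waf")

# Constructed, illustrative signatures: (rule id, pattern, anomaly weight).
# A real rule set is far larger; these only demonstrate the scoring model.
RULES = [
    ("sqli-tautology", re.compile(r"'\s*or\s+'?\w+'?\s*=\s*'?\w+", re.I), 5),
    ("sqli-union-select", re.compile(r"\bunion\b[\s\S]+?\bselect\b", re.I), 5),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I), 5),
    ("xss-event-handler", re.compile(r"\bon[a-z]+\s*=", re.I), 3),
    ("path-traversal", re.compile(r"\.\./"), 3),
]


def score_payload(payload: str) -> Tuple[int, List[str]]:
    """Decode the payload once, then sum the weight of every matching rule."""
    decoded = unquote_plus(payload)
    hits = [rule_id for rule_id, pattern, _ in RULES if pattern.search(decoded)]
    score = sum(weight for rule_id, _, weight in RULES if rule_id in hits)
    return score, hits


def inspect(payload: str, threshold: int = 5, mode: str = "detect") -> Dict:
    """Classify one request payload against the acceptable score.

    mode="detect": violations are logged, the request is always allowed.
    mode="block":  a score at or above the threshold is answered with an
                   error to the caller; the application never sees it.
    """
    score, hits = score_payload(payload)
    violation = score >= threshold
    if violation:
        log.warning("waf violation score=%d threshold=%d rules=%s mode=%s",
                    score, threshold, ",".join(hits), mode)
    if violation and mode == "block":
        return {"action": "block", "status": 403, "score": score, "rules": hits}
    return {"action": "allow", "status": 200, "score": score, "rules": hits}
```

A benign search such as `q=shoes` scores 0 in both modes, while a URL-encoded tautology scores the same as its decoded form because decoding happens before matching.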