The use of web application firewalls is becoming standard. However, costs and complexity still pose an obstacle for many projects - unless you use them as a service.
Web applications need protection. From hardware all the way to the network level, protection consists of a multitude of components. One of them is WAF, the Web Application Firewall. However, the use of a WAF is not yet part of the standard protection repertoire. There are several reasons for this: For example, a WAF must be designed with the same redundancy as the application itself. It also introduces an additional component between user and operator, which interrupts traffic. Furthermore, the configuration and operation of a web application firewall requires appropriately trained personnel. And last but not least, high licensing and maintenance costs are often reflected in the project budget.
In order to defuse the above points, instead of considering the WAF as a dedicated component per project, it may in fact make sense to purchase it as a service. By sharing hardware and software with other projects or customers of a service provider, it is possible to benefit from associated advantages. Thus, the WAF is being kept up to date without additional expenditure, the capacities are being adjusted automatically and availability is ensured to the highest possible extent. It can also be assumed that test platforms and playgrounds are made available in addition to production lines. Furthermore, WAF as a service also has the advantage of not having to be operated at the same location as the actual application. A dedicated line or a VPN is placed behind the WAF for application, which can be in the cloud or on premise. For cloud-based solutions, this means that, thanks to WAF, the entry point for users and the location of the SSL/TLS keys are stored in a known and appropriately secured location.