Web Application Firewall (WAF)

Web Application Firewall (WAF)

Web application attacks deny services and steal sensitive data. Imperva Web Application Firewall (WAF) analyzes and inspects requests coming in to applications and stops these attacks.

Secure cloud and on-premise applications with Imperva's WAF

Secure cloud and on-prem apps

Protect your applications in the cloud and on-premises with the same set of security policies and management capabilities. Safely migrate apps while maintaining full protection.

Deploy the way you want to

Deploy the way you want to

Deploy Imperva WAF on-premises, in AWS and Azure, or as a cloud service itself. Easily meet the specific security and service level requirements of individual applications.

Stop OWASP Top 10 and Automated Top 20

Stop OWASP Top 10 and Automated Top 20

Imperva WAF protects against the most critical web application security risks: SQL injection, cross-site scripting, illegal resource access, remote file inclusion, and other OWASP Top 10 and Automated Top 20 threats. Imperva security researchers continually monitor the threat landscape and update Imperva WAF with the latest threat data.

How Imperva WAF Protects Your Applications

Imperva WAF detects attacks

Detects attacks

Imperva WAF uses patented dynamic application profiling and correlated attack validation to accurately detect attacks and minimize false positives. Dynamic application profiling learns all aspects of web applications, including the directories, URLs, parameters, and acceptable user inputs. Correlated attack validation aggregates and analyzes individual violations across the stack. Combined, they detect attacks with exceptional accuracy and block only bad traffic.

Provides extensive reporting

Extensive reporting

Imperva WAF offers rich graphical reporting capabilities to easily understand security status and meet regulatory compliance. Generate pre-defined and customizable reports. Quickly assess security status and streamline demonstration of compliance with PCI, SOX, HIPAA and FISMA and other compliance standards.

SIEM integration

SIEM integration

Imperva WAF integrates with most of the leading Security Information and Event Management (SIEM) systems such as Splunk, ArcSight and others. It exports events as syslog messages, Common Event Format (CEF) and JSON format. Events generated by Imperva WAF are intuitively indexed and easily searchable for quick incident response.


Key Resources

Learn how you can guard against the OWASP Top 10 Threats in the whitepaper

Protect Your Applications Against OWASP Top 10 Risks

Learn how you can guard against the new OWASP Top 10 Threats.

Read e-Book ›

Web Attack Survival Guide

Get step-by-step instructions to help you prepare for and stop web attacks.

Read guide ›