Dive into the world of Web Application Firewalls (WAFs), exploring the strengths and limitations of leading providers such as Azure & AWS, as well as some decidedly commercial offerings. Through a detailed evaluation based on a subset of the OWASP Top Ten vulnerabilities, DoS/DDoS protection and AI/ML capabilities, we uncover whether WAF solutions deliver as promised in terms of protecting against common and bespoke web threats. Participants will gain insights into practical recommendations for selecting and deploying WAFs effectively, emphasizing the integration of developer expertise for enhanced security models. Expect a blend of technical analysis and identification of weak areas, despite what glossy brochures would have you believe.
TL;DR: A quick look at what a WAF is, some of the commercial offerings in the WAF space, what it can and cannot do for you, and some WAF fails.
knud
Knud works at Fraktal.fi in the exciting field of information security. His interests and focus areas range widely, from lock manipulation and covert entry to vulnerability discovery and exploit development, usually focused on traversing trust boundaries one way or another. He enjoys popping shells and stealing corporate secrets, with permission naturally.