Web application firewalls (WAFs) are used to protect web applications against a range of attack types, such as cross-site scripting (CSS), SQL injection, and buffer overflows. WAFs protect companies that do business on the web from data breaches, which can put consumers at risk for fraud and lead to loss of customer confidence, both of which can directly impact revenue. To maintain PCI DSS compliance, companies must either assess and resolve Internet-facing application vulnerabilities, or deploy a WAF.

ABOUT THIS STUDY: Part of a series on security controls deployed by US enterprises, this brief includes current usage statistics for WAFs within small and medium-sized enterprises (SMEs), large enterprises (LEs), and very large enterprises (VLEs).