SAST tools are not designed for API-centric applications and as such do not work well on them.
Description

WAFs can’t protect APIs, but they try anyway

Web Application Firewalls (WAFs) have been around since the early 2000s, when OWASP released its first Top 10 list of web application vulnerabilities. The idea behind a WAF is to block attacks against an application by inspecting HTTP traffic and blocking requests that match known attack patterns or signatures. This was originally done at the network level with appliances deployed in front of web servers, but it has since evolved into cloud-based services that inspect traffic before it reaches a server (such as AWS Shield).
https://t.co/gJoAsw1lYO
