Implementation

Implementing WAF has always been a big challenge for most system administrators and DevOps who handle the infrastructure.

The reason is that one needs to have a thorough knowledge of web application and web application attacks, typically categorized as OWASP Top 10.

There are many open source projects of WAF, such as ModSecurity and Naxsi, but to have them implemented in production requires a dedicated person.

This is the reason why the commercial offering is really having a boom and cloud providers such as AWS have launched a commercial offering of WAF as a service.