Web application firewalls take the idea of network firewalls and apply them to web applications. It scans all traffic coming into a web application to find possible attacks, such as cross-site scripting and SQL injection. WAFs use rules and signatures to know what to look for within the request that flags it as a possible attack. They usual target or address OWASP Top-10 vulnerabilities.