Explore the world of Web Application Firewalls (WAFs) in this 50-minute conference talk from LASCON. Learn about the importance of WAFs as an additional layer of security beyond traditional network firewalls and application-level security measures. Discover various WAF options, including those provided by major public cloud providers like AWS, Azure, and GCP, as well as self-managed solutions like Apache Mod Security. Gain insights into the basic features, challenges, and limitations of WAFs, and understand how to compare different options. Delve into topics such as secure configuration management, test coverage, and the principle of defense in depth. By the end of this talk, you'll have a comprehensive understanding of WAFs and their role in fortifying your web applications against potential attacks.