Online security is crucial nowadays, especially due to the large amount of viruses and cyber threats that exist. However, while we can choose which sites to visit, we cannot control who visits our own website, making it a target for hackers. Therefore, it is essential to take proactive security measures to ensure the protection of our investment, and in this article, we will discuss how to do so.

What is a WAF?

A WAF (Web Application Firewall) is a type of firewall designed to protect web applications from possible cyber threats and attacks. The WAF analyzes web traffic and filters out malicious requests, thus preventing attackers from exploiting vulnerabilities in web applications.

The goal of the WAF is to detect and block specific attacks directed at web applications, such as SQL injections, cross-site scripting (XSS), among others. In addition, the WAF can provide protection against known and unknown threats, providing an additional layer of security to web applications and helping to ensure their availability, confidentiality, and integrity.

Anyone can create a website

This is a phrase I have heard several times, and it seems true. I have met several clients who tell me: my website was made by my advertiser, my computer technician, my graphic designer, my community manager, my image consultant, one of my high school students. Even one told me: my son.

Since the appearance of CMS (Content Management System), such as WordPress, Joomla, Moodle, Drupal, among the best-known, the work of "web designer" has become popular. Since these tools allow creating a website without writing code, the profession of "web designer" has become crowded with people who have no knowledge of programming, much less of computer security.

It is true. Nowadays, "anyone" can create a website. And this truth is also known by hackers, and they take advantage of it. Hackers look for simplicity. It is easier to create a virus that takes advantage of a vulnerability that an inexperienced person has left open, than to spend hours trying to hack a website with protection.

How do people with an existing website reach out to me? The situation is always the same - my phone rings, I answer it, and the person on the other end introduces themselves and says:

- I was referred to you because I need help with my website. For some time now, the site hasn't been loading (or a red screen appears). I've been trying to reach out to the person who designed it, but they're not responding.

- And who designed it?, I ask.

That's when they respond with: my publicist, my technician, my graphic designer, etc.

Anyone can make a website, but not everyone knows how to protect it.

Why do I need a WAF?

It is estimated that between 60 to 70% of the websites in the world have been designed with a CMS (WordPress, Joomla, Drupal, etc.), and this percentage grows much more when it comes to SMEs, independent professionals, and entrepreneurs.

With that information, let's think again like a hacker. If you were one and wanted to infect the largest number of websites, would you struggle for days to infect one site at a time, or would you develop code that could infect 70% of the websites in the world, which are usually designed by people who lack knowledge of web security?

That is the reality, and every day more and more viruses and malware focused on infecting websites and web applications emerge. In fact, according to some security reports, the number of cyber-attacks increased by more than 300% since the start of the pandemic.

Therefore, Google and the other major search engines (Bing, Yahoo!), in their quest for a secure Internet, and in the face of the growing number of infected websites, have opted to ban (block access) to websites detected with some type of malicious software.

On the right is the screen that Google uses to warn the user that the website they are trying to visit contains a virus or some type of malicious software. Imagine for a moment that a client tries to access your website and sees this message. Or worse yet, invests in a digital marketing campaign to attract traffic to their website and increase their sales, and instead, what they are getting is a bad reputation for their brand.

Keeping up with hacking trends can be very challenging, not to say impossible, for any webmaster. In terms of cybersecurity, it's necessary to have tools and expert personnel.

Some companies have their sites hosted on their own servers; however, it's important to understand that network firewalls protect office computers, but they don't prevent hackers from accessing your website or web application.

Having a Web Application Firewall (WAF) provides peace of mind and protects the investment you've made in your site and brand image. In an article I read:

"A WAF works like a vaccine for your website. It's a measure to prevent it from being infected or taken offline. Nobody likes being vaccinated, but the cost of getting sick is always much higher."