Glossary term
WAF
Also: Web Application Firewall
Protection layer in front of web applications that mitigates OWASP Top 10 attack classes (SQLi, XSS, RCE, SSRF), bot traffic and volumetric attacks. Cloud WAF bundled with a CDN is the standard in 2026; on-prem WAFs are the exception.
Cloud WAF leaders: Cloudflare, Akamai, AWS WAF, Azure Front Door + WAF, Imperva, F5 Distributed Cloud, Fastly. On-prem: F5 BIG-IP ASM, Imperva SecureSphere, Barracuda.
Extensions: API security (positive security model, i.e. allow-list validation of requests against an OpenAPI or GraphQL schema), bot management, account takeover protection, anti-fraud, client-side script protection (Magecart).
Audit cases: mandatory component for any internet-exposed application under NIS2, DORA, PCI DSS 4.0 (req 6.4.2). In banking often combined with DDoS mitigation and CDN.
Related terms
SASE
Gartner architecture category combining network (SD-WAN) and security functions (SWG, CASB, ZTNA, FW…
SSE
Subset of SASE without SD-WAN. Bundles SWG, CASB, ZTNA and (increasingly) DLP/RBI in a cloud platfor…
Supply Chain Risk
Risks from the software and hardware supply chain: compromised open-source packages, build-pipeline …
AI Act Conformity Assessment
Procedure to demonstrate that a high-risk AI system complies with the EU AI Act before being placed …
AI Act Risk Categories
Four-tier classification under the EU AI Act: prohibited (Art. 5), high-risk (Annex I/III), limited …
Audit-ready decision
A decision whose record is structured, evidence-backed and stakeholder-signed to a level that a thir…
BAIT
BaFin circular that concretises IT requirements for credit institutions. Specifies MaRisk AT 7.2 for…
BCM
Discipline for maintaining critical business processes during disruptions. Standards: ISO 22301, BSI…
