Having a Web application firewall in place can mean the difference between scrambling to fix a vulnerability — taking an application offline and paying emergency overtime fees for developers and QA staff — or having the breathing room to repair the vulnerability on your own schedule. Web application firewalls (WAFs) are an emerging category of firewall, defined by the consortium as “an intermediary device, sitting between a Web client and a Web server, analyzing OSI Layer 7 messages for violations in the programmed security policy.