Web applications are not protected by todays network level firewalls,because they allow access to TCP port 80 without restrictions. However, manysuccessful attacks today are not on the network level, but on applicationlevel. For protecting against application level attacks, a firewall mustunderstand the application protocols, that are used on its open ports. Thishappens in application level firewalls and for Web application in Webapplication firewalls. The underlying concepts of Web application firewallsdiffer much from the concepts of traditional network level firewalls. This bookexplains the underlying concepts of Web application firewalls. Afterwards,they are applied to a collection of security requirements, that applicationdevelopers should respect today for developing a secure Web application. AWeb application firewall is capable of automatically implementing many ofthese requirements. As a result, Web application developers can ignore theserequirements, because the Web applications firewall already ensures theirimplementation and therefore the security of the Web application. This bookis intended for anyone, who is interested in securing his Web application.