A web application firewall is not a one-size-fits-all option. Organizations must carefully evaluate a web application firewall’s deployment, configuration, management, and security capabilities to ensure it meets their web application security needs and is an integral part of an evolving application and IT infrastructure. This guide provides an overview of the threats to web applications and items to consider when selecting a web application firewall. It also details minimum feature and functionality requirements, and provides an at-a-glance checklist for evaluating web application firewalls.