A Web Application Firewall aids the protection of web applications by filtering and monitoring HTTP traffic between the web application and the Internet. It generally protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a protocol layer 7 defense (in the OSI model), and is not designed to defend against all types of attacks. This method of attack mitigation is usually part of a suite of tools which together create a holistic defense against a range of attack vectors. Web application attacks deny services and steal sensitive data. A Web Application Firewall (WAF) analyzes and inspects requests coming in to applications and stops these attacks.