This service may be used to create rules to protect web applications from unwanted web traffic, hacks, brute force attacks, cross-site scripting, SQL injection, and other common exploits. The WAF must also provide protection against the OWASP top ten risks.