"Web Application Intrusion Defense System" or WaIDS for short
This makes far more sense than calling a product which is *not* a firewall exactly that - and it solves the issue of that managerial response "but we already have a firewall". Doesn't this make so much more sense? I'm serious. The new name would convey the idea of what a WAF actually *is* and give the technology actual meaning, and better sense of purpose.
In addition to the brilliant new name, here are the Top 5 things that WaIDS should advertise itself to solve:
- Short-term detection of known web application security defects
- Security support for legacy web-based applications (those not likely to change)
- Layered (defense in-depth) security for well-established application security programs
- Auditing, auditing, auditing of web-application attacks
[I can't think of a 5th one]