Application layer security refers to ways of protecting web applications at the application layer (layer 7 of the OSI model) from malicious attacks.

Since the application layer is the closest layer to the end-user, it provides hackers with the largest threat surface. Poor app layer security can lead to performance and stability issues, data theft, and in some cases the network being taken down.

Examples of application-layer attacks include distributed denial-of-service attacks (DDoS) attacks, HTTP floods, SQL injections, cross-site scripting, parameter tampering, and Slowloris attacks. To combat these and more, most organizations have an arsenal of application layer security protection, such as web application firewalls (WAFs), secure web gateway services, and others.