What is the difference between a WAF, an IDS, and an IPS? [Advanced]
Answer
A WAF filters and protects web application traffic, usually at layer 7 (HTTP). An IDS detects suspicious activity and alerts on it. An IPS detects suspicious traffic and actively blocks or prevents it. A WAF is application-focused; IDS and IPS are broader network or host detection and prevention controls.
Technical explanation
A WAF can block common web attacks such as SQL injection, XSS patterns, bad bots, or protocol anomalies.
An IDS is usually passive and helps with detection and investigation.
An IPS is inline and can block, so tuning is critical to avoid false-positive outages.
Hands-on example
Example: place AWS WAF or Cloudflare WAF in front of a public API to block known malicious request patterns. Use IDS sensors for alerting on lateral movement. Use IPS cautiously on high-confidence signatures where blocking risk is acceptable.
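The sketch below is an added example, not part of the original answer. It runs the same signatures over the same requests in passive (IDS) and inline (IPS) mode to show why blocking is reserved for high-confidence signatures. The signature names, confidence labels, and sample requests are constructed for illustration and do not come from any real rule set.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: re.Pattern
    confidence: str  # "high" or "low": a tuning label assumed for this example

# Constructed signatures: one specific, one deliberately broad.
SIGNATURES = [
    Signature("sqli-union-select", re.compile(r"union\s+select", re.I), "high"),
    Signature("sql-keyword", re.compile(r"\b(select|drop)\b", re.I), "low"),
]

# Constructed, already URL-decoded request lines.
ATTACK = "GET /items?id=1 union select name from users"
BENIGN = "GET /search?q=how to select a laptop"
CLEAN = "GET /items?id=42"

def evaluate(request: str, mode: str, block_on=("high",)) -> dict:
    """Apply every signature to one request.

    mode="ids": passive sensor, alerts only, traffic is always forwarded.
    mode="ips": inline, drops the request when a matching signature's
                confidence is listed in block_on; other hits only alert.
    """
    if mode not in ("ids", "ips"):
        raise ValueError(f"unknown mode: {mode}")
    hits = [s for s in SIGNATURES if s.pattern.search(request)]
    blocked = mode == "ips" and any(s.confidence in block_on for s in hits)
    return {"forwarded": not blocked, "alerts": [s.name for s in hits]}

if __name__ == "__main__":
    for label, req in (("attack", ATTACK), ("benign", BENIGN), ("clean", CLEAN)):
        print(label, "ids        ", evaluate(req, "ids"))
        print(label, "ips tuned  ", evaluate(req, "ips"))
        # Untuned IPS: blocking on the broad rule drops the benign search too.
        print(label, "ips untuned", evaluate(req, "ips", block_on=("high", "low")))
```

With blocking limited to high-confidence signatures, the benign search still raises an alert for review but is forwarded; blocking on every signature turns that false positive into an outage for legitimate users.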