A web application firewall (WAF) is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service. By inspecting HTTP traffic, it can prevent attacks exploiting a web application's known vulnerabilities, such as SQL injection, cross-site scripting (XSS), file inclusion, and improper system configuration.[1] Most of the major financial institutions utilize WAFs to help in the mitigation of web application 'zero-day' vulnerabilities,[citation needed] as well as hard to patch bugs or weaknesses through custom attack signature strings.[2]