WebSphere Application Server (WAS) is a software product that performs the role of a web application server. More specifically, it is a software framework and middleware that hosts Java-based web applications. It is the flagship product within IBM's WebSphere software suite. It was initially created by Donald F. Ferguson, who later became CTO of Software for Dell. The first version was launched in 1998. This project was an offshoot from IBM HTTP Server team starting with the Domino Go web server.

WebSphere Application Server (WAS) is built using open standards such as Java EE, XML, and Web Services. It runs on the following platforms: Windows, AIX, Linux, Solaris, IBM i and z/OS. Beginning with Version 6.1 and now into Version 9.0, the open standard specifications are aligned and common across all the platforms. Platform exploitation, to the extent it takes place, is done below the open standard specification line.

It works with a number of Web servers including Apache HTTP Server, Netscape Enterprise Server, Microsoft Internet Information Services (IIS), IBM HTTP Server for i5/OS, IBM HTTP Server for z/OS, and IBM HTTP Server for AIX/Linux/Microsoft Windows/Solaris. It uses port 9060 for connection as the default administration port and port 9080 as the default website publication port.

The "traditional" (as opposed to the Liberty variant) WebSphere Application Server platform is architected as a distributed computing platform that could be installed on multiple operating system instances, collectively referred to as a WebSphere cell. Management of all the instances could be done from a management node – called the Deployment Manager – within the cell, and deployment of applications – including the ability to perform rolling updates – could be pushed out to a subset of the cell nodes. The configuration information for the entire cell (how many nodes there are, what applications are deployed to each, how the applications are configured, session management and details of other resources, etc) are tracked in XML configuration files that are distributed throughout the cell to every node. Over the product lifetime, the implementation of these configuration details went from files, to database-based (around v3.5), and back again to files (around v5).

Given the distributed install, and given also that management of the entire cell required management of local effects (such as deployment, logging configuration, etc), the overall effect was that WAS security could often override local security if not configured properly. For example, in earlier versions of the management console, there was an option that was available to specify the location of a log file on a remote node. This could be used to read/write to an arbitrary file on that remote node. For this reason, it was not advisable to run the application server / node agent processes with root privileges, and starting with v6, security configuration defaulted out of the box to a secure state (even if this meant that enabling desired functions required manual changing of the defaults). Originally, all nodes of the cell were in a single domain for management as well as application security. However, starting with v6.1, there can be multiple security domains and administrative and application security can be separate.

Many IBM products (such as IBM InfoSphere DataStage) use WebSphere Application Server as the base platform for their infrastructure.

IBM has shipped several versions and editions of WebSphere Application Server.

In the first beta versions, WebSphere had been called Servlet Express.