Too Long; Didn't Read
Web Application Firewall (WAF) has not been able to keep up with the speed of DevOps. Best practice for securing web applications has evolved to simply deploying a WAF in front of your app. With no context to understand the content within the app that’s being interacted with, it's impossible to automate the WAF's evolution in parallel with the application's evolution. With continuous delivery, it is just not possible for your WAF to protect a web application from logic attacks without human intervention. It is too dangerous to allow them to over-block because the high volumes of alerts.