Developers need to think like WAF operators for security. Start with secure coding and think of Web application firewalls not as a prophylactic but as part of the secure coding test process.Source