Having worked with a company that deals with web application firewalls, I can tell you from firsthand experience that these are by far one of the best security tools you can use to protect against vulnerabilities in web applications like SQL injections, cross-site scripting and PHP injections.