How to secure business web application
1) Most probably this is the most common web application security myths.
2) Network security scanners are designed to identify the insecure server and network device configurations and vulnerabilities and not web application vulnerabilities.
3) A web application firewall, also known as WAF does analyze both HTTP and HTTPS web traffic, hence it can identify malicious hacker attacks.
4) A web application firewall can determine if a request is malicious or not by matching the request's pattern to an already preconfigured pattern.
"Security is often about requirements". What is it you're required to do based on business needs, risks and regulations?