Applications were and are the main target for attackers, so adequate application security measures play an enormous role and must be an essential part of every application. Especially for "modern apps", which consist of various microservices and are accessed via APIs, the security solution must adapt to the "agile" development process and provide the necessary protection at all times. With our Web Application Firewall (WAF) solutions - NGINX App Protect and Advanced WAF we show you how to create, tune and operate optimized WAF policies. The WAF policy can be integrated directly into existing CI/CD pipelines and configured declaratively in the sense of "application security as code".