This is almost too unbelievable to be true. A company that sells web application firewalls gets done by SQL injection? Are these guys serious? How are people meant to take the security industry seriously when the very companies peddling this stuff can't get it right?
How about their advice:
"You can’t leave a Web site exposed nowadays for even a day (or less)" Ehh.... you reckon?!
"You can’t be complacent about coding practices, operations or even the lack of private data on your site – even when you have WAF technology deployed" Ehh... you don't say?!
Would you buy balding prevention medicine from a bald sales guy?