My talk from Nginx conference: https://www.nginx.com/blog/build-application-security-shield...
Important note. Care about vulnerabilities. Not about attacks. Buy Burp license. Run appsec training for all of your developers; it's easy while you're small.
Disclaimer: I am a co-founder of Wallarm mentioned in preso.