With modern security measures such as code scanning, library scanning, and image scanning, is there still a need for a full reverse proxy? Why should organisations continue to invest in Web-Application and API Protection (WAAP) even in IAM-based applications? This session will explore the evolving threat landscape in web security, including XSS, CSRF, API abuse, and automated attacks. We will discuss why traditional protections are still relevant, how WAAP provides critical security layers, and how it mitigates emerging threats such as API scraping, business logic exploitation, and AI-driven attacks.