The most valuable feature is the ability to automatically feed it rules what it's coupled with the WebInspect dynamic application scanning technology. The rules that are created are very specific to the application that it's defending. In a typical WAF, out of the box, it comes with a set of standard rules that work reasonably well. However, if you want rules that are specific to vulnerabilities that you know are in the application, the application defender is superior at defending against these. 

The most valuable feature is that it analyzes data in real-time.

The Audit Workbench allows us to analyze and see if things are okay on our end, giving us the option to manipulate the rules if needed.

The intelligence behind the static code analysis is really amazing. When we used to do code reviews we did not get that level of depth, in terms of identifying security concerns.

The user interface is really simple to use.