Not having used APF much, I don't know what else it does or might do other than the firewall side.
However, Configserver is actually 2 utilities in 1.
On the firewall side, through the UI, it's very easy to blacklist or whitelist an IP (or range), which saves having to go into shell and edit raw files, which is a bonus to those who are a newer to VPSs or servers. (I don't run individual blacklists on each server I have because, as mentioned before, I run one central set and the firewall on each server/VPS reads those in at regular intervals, so I can update all servers from one central point).
It also will read in the blacklists from DShield, Spamhaus and Bogon and block those IPs, and there's quite a large rule set (again available through the UI) for tweaking the settings to give you some
protection from DOS attacks etc.
The other side is ConfigServer
This will run a quick check through your setup and highlight a number potential issues. Moving your secure port from port 22 is an obvious one - It reminds you to change it and, as you make other changes that it suggests, it will give you an overall "score" on your server/VPS's security level.
The tests it runs in DirectAdmin are pretty good, but in cPanel/WHM they're a lot more comprehensive.
The beauty for me, I guess, is that I can now run the same firewall and test suite on ALL my boxes (I have a mix of DA and WHM) and use the central black/whitelists to keep them all in sync.