All the prerequisites we need for the automation use cases across every platform – converting discovery work into technical designs and configurations that the automation work can consume
Building as much safety as possible into deployment patterns – especially around custom rule and exception configurations; the methodology varies across the platforms, with some involving ordering and prioritisation that requires careful consideration to avoid two adverse effects: overly permissive (bypass) or overly restrictive (potential Prod impact) changes to the rules processing order
Crafting per-platform tuning & exception processes, training and assistance for App Teams - the more assistance we can give the App Teams to safely get into block posture, the faster we can achieve audit compliance
Benefits
Provide SME WAF Engineer design support for WAF solution design against industry best practices such as company MVP, OWASP and vendor best practices
Discover, document, and create technical design and automation consumable configurations for WAF deployment and audit prerequisites, including:
Baseline configuration design patterns from MVP reviews for all platforms
Technical deployment methods of custom rules and exceptions per platform, and any per-platform ordering / priority considerations, with a lens on the safest deployment models possible
Acceptable access controls for WAF management planes per platform against the company's agreed IDAM (Identity and Access Management) policies
Identify the use of brokers, such as F5, for platform-specific WAF access control
Identify HTTPS inspection strategies for each platform, addressing Termination/Certification requirements