WAF Setup Questionnaires v1.0

Web application firewall - setup questionnaires

Uploaded by

bournlearn
WAF Setup Questionnaires

Category On-Premises EBS Application Response


Application Details
- Current architecture of your EBS application
- Key modules and functionalities that require protection
- Specific compliance requirements (e.g., PCI-DSS, GDPR)
- Is the EBS application patched with the latest security patches?
- Is TLS enabled at the application level?
- What kind of proxy server is being used to expose the Supplier URL to the outside world (F5 / HAProxy)?

Traffic and User Base
- Expected volume of traffic to the EBS application
- Peak usage times or seasonal fluctuations in traffic
- Primary users of the application (internal users, external partners, customers)

Current Security Posture
- Existing security measures for the EBS application
- Which ports are open on the application server?
- Previous security incidents or breaches
- Common types of attacks or threats faced

WAF Requirements
- Specific URLs or application endpoints that need special protection
- Custom rule sets from existing WAF rules (if any)

Integration and Compatibility
- Current network setup and WAF placement (inline, reverse proxy, etc.)
- Existing load balancing or CDN services that the WAF needs to integrate with
- Any compatibility requirements with current hardware and software infrastructure

Performance and Scalability
- Any benchmarks that the WAF needs to meet
- Any latency concerns or performance impacts that need to be minimized
- Any scalability requirements for future growth

Management and Monitoring
- Logging and reporting requirements for the WAF
- Specific monitoring tools or SIEM systems to be integrated

Policies and Rules
- Existing security policies that the WAF rules need to align with
- Process for updating and maintaining WAF rules
- Handling and tuning of false positives

Support and Maintenance
- Level of support required from the WAF vendor (24/7 support, incident response)
- Maintenance schedule and process for applying updates and patches
- Training requirements for the team to manage the WAF effectively

MFA
- Is MFA enabled on the internal site?
