Next Generation Web Application Firewall

Project Summary
What is a WAF (Web Application Firewall)?
A WAF protects applications from malicious and unwanted internet traffic. It can protect any internet-facing endpoint, and can be attached to a load balancer or a web application domain name.
What is a Load Balancer?
Load balancers enable customers to distribute web requests across a fleet of servers or automatically route traffic across various regions to help produce high availability for any application or data source.
Skills:
Product Design, Re-Design, Design System Component and Pattern Implementation
Role:
Lead UX Designer
Team:
Product Managers on WAF and cross service teams, API Developers, UI Developers, Technical Content Writer
Transformed the user experience to better secure load balancers, get users up and running quickly and protect against malicious attacks.
The Problem
- Complex workflows that left users vulnerable to attacks.
- Difficult access to secure policy.
- Inefficiencies in adding or modifying security policies.
The Goal
- Enhance user experience to accelerate onboarding and accessibility.
- Enable seamless access to secure policies across services.
- Streamline the publishing process into a single, intuitive edit form.
The Process
- Requirements gathering
- Project kickoff discovery with key stakeholders
- Competitive analysis
- User flows
- Low fidelity user flows
- High fidelity prototyping
- Development handoff
- Product launch
- Feedback and iteration
Phase One

Identify Users
Security architects, security administrators, legacy WAF users, first-time OCI users.
Identify Constraints
- Because of our tight deadline, some features needed to be scaled down.
- With the design system completely overhauled, the new WAF required a full redesign.
Competitive Analysis
To understand WAF in different contexts, I analyzed other cloud services such as Microsoft Azure, Cloudflare, Fastly and Amazon Web Services.

SME Interviews
Discussed the existing solution and customers’ experience with SMEs.
Pain Points
- OCI did not have the ability to secure Load Balancers or other enforcement points; only domains via a web application firewall.
- The previous WAF service made it difficult for users to quickly implement a secure policy, often taking hours or even days to get up and running.
- Users couldn’t access a security policy from other OCI services.
- The "publish changes" feature resulted in unnecessary delays when adding or modifying security policies.
User Flows
To determine how this new service would interact with other OCI services and how users would access it, I developed user flows.

Phase Two
Low fidelity user flows
Low-fidelity user flows helped us identify the UI elements required at each step, enabling us to:
- Determine the easiest way to get users up and running.
- Eliminate unnecessary steps.
- Assess how to apply the new design system effectively or whether we needed to add new UI features to the design system.

High fidelity prototyping, iteration and validation
Developed click-through prototypes to showcase the key objectives to SMEs and stakeholders.
Phase Three
Final design, development handoff and product launch
The final implementation enables users to quickly create a WAF policy, select a Load Balancer to apply the policy to, and easily choose the desired security settings.
Access Rules are available to limit access based on location.
Rate Limiting Rules are available to help prevent DDoS attacks.
Protection Rules allow users to quickly configure OWASP (Open Worldwide Application Security Project) rules to prevent attacks such as customer cookie theft.





Apply a WAF policy to a Load Balancer upon creation, with the design future-proofed so that a WAF policy can later be applied to other services.

Alert security admins through metrics, logging and notifications.

Eliminated the cumbersome task of publishing each change and simplified the API, allowing changes to be made via a management form instead.

Results and Impact
"Oracle Web Application Security is definitely one of the higher-performing solutions in this space. We're really happy with the capabilities, the output, and the integration."
- Security architect and manager at Covanta
- The next-generation WAF reduced user onboarding time, minimized errors, and enhanced security. The product was launched on schedule and laid the foundation for new components to be added to the design system.
- The WAF product team tracked user feedback post-release. As the principal UX designer for this product, I am constantly tracking, learning, and iterating.
