[WASC-WAFEC] Kick-Off WAFEC v2

Wujek Thorsten [STEIN-IT GmbH] Thorsten.Wujek at stein-edv.de
Thu Feb 3 03:08:58 EST 2011


Dear Sirs,

At first I would really like to thank you in the name of the WASC, Ivan Ristic and Ofer Shezaf for your assistance in the WAFEC V1 project. I think you have achieved a lot regarding standardization of Web Application Firewall attributes.
To give you an impression about my history I would like to introduce myself:

I am the CEO of a German IT Service company. I am a certified architect at Microsoft, as well as a CITA-P architect at the vendor independent organization IASA. My focus is on security in cloud or virtual environments as well as  on high availability and non-stop systems.
I am working as a security and web-security consultant and researcher for enterprise companies; actually I have finished a WAF project for a German insurance. My biggest project was the world youth day 2005 regarding all aspects of information technology, but the biggest focus was on security and availability within that project.
In my role as the project leader of V2 of WAFEC I will offer you the chance to attend the ongoing process of evolving Web Application Firewall criteria. During this project I will be assisted by my brother Mirko, who will introduce himself in a following mail.
I have in mind to process the following topics in Version 2:


·         Review of WAFEC v1 / experiences, leaks,..

·         What should a WAF protect against (In terms of WASC Threat Classification).

·         Taxonomy for cloud  based integrations.

·         Process integrations for Test/Stage/Productive environments.

·         Should there be a "threat-defend" protocol between WAFs and Infrastructure components (if yes, this should result in a RFC) ?



I am really impressed how many people have subscribed the mailing list and I am really looking forward to work together and elaborate Version 2. I will specify the above items in more detail as well as the next steps and project logistics in my next mail. In the meantime I would really appreciate comments and/or additions from your perspective.

We would really appreciate if you would attend version 2 to guaranty the success and the value for users and consultants during their daily work.



Regards.



Thorsten Wujek



[cid:image001.jpg at 01CBC381.FDF9DFC0]
Mit freundlichen Grüßen
STEIN-IT GmbH
Thorsten Wujek
technischer Geschäftsführer
technical CEO

MCT,MCA,MASE




Neckarstraße 4. 45768 Marl
Fon +49 23 65 . 92 44 - 31
Fax +49 23 65 . 92 44 - 44

www.stein-edv.de<http://www.stein-edv.de/>
www.sony-repair.de<http://www.sony-repair.de/>
Thorsten.Wujek at stein-edv.de<mailto:thorsten.wujek at stein-edv.de>


Schon entdeckt? Die STEIN-IT-Homepage präsentiert sich in neuem Design >><http://www.stein-edv.de/>

[cid:image002.jpg at 01CBC381.FDF9DFC0]

Ust.-Idnr.:  DE 814703466
Steuer-Nr.: 359 5786 0059

Amtsgericht Gelsenkirchen, HRB 8639
Sitz und Gerichtsstand Marl

Geschäftsführer:
Joachim Matzek, Thorsten Wujek





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/attachments/20110203/ae60bb08/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 6563 bytes
Desc: image001.jpg
URL: <http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/attachments/20110203/ae60bb08/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 8374 bytes
Desc: image002.jpg
URL: <http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/attachments/20110203/ae60bb08/attachment-0001.jpg>


More information about the wasc-wafec mailing list