[WASC-WAFEC] Kick-Off WAFEC v2

Ivan Ristic ivanr at webkreator.com
Thu Feb 3 04:16:47 EST 2011


I was about to comment on the kick-off publicly (via Twitter), when I
noticed that the mailing list archive is not available to the public.

I propose that we open the archive to the world. Any objections?


On 03/02/2011 08:08, Wujek Thorsten [STEIN-IT GmbH] wrote:
> Dear Sirs,
> 
> At first I would really like to thank you in the name of the WASC, Ivan
> Ristic and Ofer Shezaf for your assistance in the WAFEC V1 project. I
> think you have achieved a lot regarding standardization of Web
> Application Firewall attributes.
> 
> To give you an impression about my history I would like to introduce myself:
> 
> I am the CEO of a German IT Service company. I am a certified architect
> at Microsoft, as well as a CITA-P architect at the vendor independent
> organization IASA. My focus is on security in cloud or virtual
> environments as well as  on high availability and non-stop systems.
> 
> I am working as a security and web-security consultant and researcher
> for enterprise companies; actually I have finished a WAF project for a
> German insurance. My biggest project was the world youth day 2005
> regarding all aspects of information technology, but the biggest focus
> was on security and availability within that project.
> 
> In my role as the project leader of V2 of WAFEC I will offer you the
> chance to attend the ongoing process of evolving Web Application
> Firewall criteria. During this project I will be assisted by my brother
> Mirko, who will introduce himself in a following mail.
> 
> I have in mind to process the following topics in Version 2:
> 
>  
> 
> ·         Review of WAFEC v1 / experiences, leaks,..
> 
> ·         What should a WAF protect against (In terms of WASC Threat
> Classification).
> 
> ·         Taxonomy for cloud  based integrations.
> 
> ·         Process integrations for Test/Stage/Productive environments.
> 
> ·         Should there be a “threat-defend” protocol between WAFs and
> Infrastructure components (if yes, this should result in a RFC) ?
> 
>  
> 
> I am really impressed how many people have subscribed the mailing list
> and I am really looking forward to work together and elaborate Version
> 2. I will specify the above items in more detail as well as the next
> steps and project logistics in my next mail. In the meantime I would
> really appreciate comments and/or additions from your perspective.
> 
> We would really appreciate if you would attend version 2 to guaranty the
> success and the value for users and consultants during their daily work.
> 
>  
> 
> Regards.
> 
>  
> 
> Thorsten Wujek
> 
>  
> 
>  
> 
>  
> 
> Beschreibung: cid:image001.jpg at 01C9F971.D8434E00
> Mit freundlichen Grüßen
> STEIN-IT GmbH
> Thorsten Wujek
> technischer Geschäftsführer
> technical CEO
> 
> 	
> 
> *MCT,MCA,MASE***
> 
> 	
> 
>  
> 
> 
> Neckarstraße 4. 45768 Marl
> Fon +49 23 65 . 92 44 - 31
> Fax +49 23 65 . 92 44 - 44
> 
> 	
> 
> www.stein-edv.de <http://www.stein-edv.de/>
> www.sony-repair.de <http://www.sony-repair.de/>
> Thorsten.Wujek at stein-edv.de <mailto:thorsten.wujek at stein-edv.de>
> 
> 
> *Schon entdeckt?*Die STEIN-IT-Homepage präsentiert sich in neuem Design
>>> <http://www.stein-edv.de/>
>  
> Beschreibung: stein_banner_2010.jpg
>  
> 
> Ust.-Idnr.:  DE 814703466
> Steuer-Nr.: 359 5786 0059
> 
> 	
> 
> Amtsgericht Gelsenkirchen, HRB 8639
> Sitz und Gerichtsstand Marl
> 
> 	
> 
> Geschäftsführer:
> Joachim Matzek, Thorsten Wujek
> 
>  
> 
>  
> 
>  
> 
> 
> 
> _______________________________________________
> wasc-wafec mailing list
> wasc-wafec at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org


-- 
Ivan Ristić




More information about the wasc-wafec mailing list