[WASC-WAFEC] Kick-Off WAFEC v2

Robert A. robert at webappsec.org
Thu Feb 3 13:10:30 EST 2011


Done.

On Thu, Feb 03, 2011 at 09:16:47AM +0000, Ivan Ristic wrote:
> I was about to comment on the kick-off publicly (via Twitter), when I
> noticed that the mailing list archive is not available to the public.
> 
> I propose that we open the archive to the world. Any objections?
> 
> 
> On 03/02/2011 08:08, Wujek Thorsten [STEIN-IT GmbH] wrote:
> > Dear Sirs,
> > 
> > At first I would really like to thank you in the name of the WASC, Ivan
> > Ristic and Ofer Shezaf for your assistance in the WAFEC V1 project. I
> > think you have achieved a lot regarding standardization of Web
> > Application Firewall attributes.
> > 
> > To give you an impression about my history I would like to introduce myself:
> > 
> > I am the CEO of a German IT Service company. I am a certified architect
> > at Microsoft, as well as a CITA-P architect at the vendor independent
> > organization IASA. My focus is on security in cloud or virtual
> > environments as well as  on high availability and non-stop systems.
> > 
> > I am working as a security and web-security consultant and researcher
> > for enterprise companies; actually I have finished a WAF project for a
> > German insurance. My biggest project was the world youth day 2005
> > regarding all aspects of information technology, but the biggest focus
> > was on security and availability within that project.
> > 
> > In my role as the project leader of V2 of WAFEC I will offer you the
> > chance to attend the ongoing process of evolving Web Application
> > Firewall criteria. During this project I will be assisted by my brother
> > Mirko, who will introduce himself in a following mail.
> > 
> > I have in mind to process the following topics in Version 2:
> > 
> >  
> > 
> > ??         Review of WAFEC v1 / experiences, leaks,..
> > 
> > ??         What should a WAF protect against (In terms of WASC Threat
> > Classification).
> > 
> > ??         Taxonomy for cloud  based integrations.
> > 
> > ??         Process integrations for Test/Stage/Productive environments.
> > 
> > ??         Should there be a ???threat-defend??? protocol between WAFs and
> > Infrastructure components (if yes, this should result in a RFC) ?
> > 
> >  
> > 
> > I am really impressed how many people have subscribed the mailing list
> > and I am really looking forward to work together and elaborate Version
> > 2. I will specify the above items in more detail as well as the next
> > steps and project logistics in my next mail. In the meantime I would
> > really appreciate comments and/or additions from your perspective.
> > 
> > We would really appreciate if you would attend version 2 to guaranty the
> > success and the value for users and consultants during their daily work.
> > 
> >  
> > 
> > Regards.
> > 
> >  
> > 
> > Thorsten Wujek
> > 
> >  
> > 
> >  
> > 
> >  
> > 
> > Beschreibung: cid:image001.jpg at 01C9F971.D8434E00
> > Mit freundlichen Gr????en
> > STEIN-IT GmbH
> > Thorsten Wujek
> > technischer Gesch??ftsf??hrer
> > technical CEO
> > 
> > 	
> > 
> > *MCT,MCA,MASE***
> > 
> > 	
> > 
> >  
> > 
> > 
> > Neckarstra??e 4. 45768 Marl
> > Fon +49 23 65 . 92 44 - 31
> > Fax +49 23 65 . 92 44 - 44
> > 
> > 	
> > 
> > www.stein-edv.de <http://www.stein-edv.de/>
> > www.sony-repair.de <http://www.sony-repair.de/>
> > Thorsten.Wujek at stein-edv.de <mailto:thorsten.wujek at stein-edv.de>
> > 
> > 
> > *Schon entdeckt?*Die STEIN-IT-Homepage pr??sentiert sich in neuem Design
> >>> <http://www.stein-edv.de/>
> >  
> > Beschreibung: stein_banner_2010.jpg
> >  
> > 
> > Ust.-Idnr.:  DE 814703466
> > Steuer-Nr.: 359 5786 0059
> > 
> > 	
> > 
> > Amtsgericht Gelsenkirchen, HRB 8639
> > Sitz und Gerichtsstand Marl
> > 
> > 	
> > 
> > Gesch??ftsf??hrer:
> > Joachim Matzek, Thorsten Wujek
> > 
> >  
> > 
> >  
> > 
> >  
> > 
> > 
> > 
> > _______________________________________________
> > wasc-wafec mailing list
> > wasc-wafec at lists.webappsec.org
> > http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org
> 
> 
> -- 
> Ivan Risti??
> 
> _______________________________________________
> wasc-wafec mailing list
> wasc-wafec at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org




More information about the wasc-wafec mailing list