[WASC-WAFEC] WAFEC v2 Step 1

Ivan Ristic ivan.ristic at gmail.com
Wed Feb 9 16:44:24 EST 2011


I am not so sure we should start by reviewing WAFECv1. We should let it rest
for a little while longer. It's much better to discuss the common WAF use
cases, and from that deduce how to formulate a criteria that would help
users determine if the products they are evaluating are suitable for the use
cases they wish to pursue.

For the record, my impression of WAFECv1 is that it's great for the guys
like me, who are interested in how WAFs operate, but not as useful for
end-users, who just want to take care of a problem they have.

In addition, I have some questions:

- What is content switching
- What DoS aspects of HTML5?

On Wed, Feb 9, 2011 at 9:28 PM, Wujek Thorsten [STEIN-IT GmbH] <
Thorsten.Wujek at stein-edv.de> wrote:

> Hi,
>
>
>
> Thanks to everybody for showing so much interest in evolving WAFEC v2.
>
>
>
> Today I would like to present the first, initial step of our project. After
> that I or my brother will be able to provide a detailed schedule and goal
> definition as well as how the communication will be organized.
>
>
>
> 1.)    I would like to name those, who have confirmed their participation
> explicitly on the WASC / WAFEC Website. If you do not want that, please let
> me know, otherwise I take silence as an “OK”.
>
> 2.)    As stated in the first mail, there should be a review of WAFEC v1
> and it would be great, if you could start with your or your customers
> experiences regarding the use of WAFEC v1.
> Let me be the one starting the discussion in short words:
>
> i.)           There are a lot off criteria regarding content switching,
> which is irritating if you speak about WAF
> ii.)          With the new Dos aspects of HTML 5 we should sharpen WAFEC
> criteria regarding that issue
> iii.)         WAFEC should give customers or consultants the ability to
> judge positive or negative techniques as well as training, at the moment it
> is just showing capabilities
>
> iv.)         The actual version is not helpful if you want to evaluate
> management or administrative capabilities
>
>
>
> These are my 5 cent
>
> 3.)    Last but not least there should be an overall confirmation if the
> suggested topics should be discussed in this project completely and how
> these points should be prioritized.
>
>
>
> Awaiting your comments.
>
>
>
> Thorsten
>
>
>
>
> Mit freundlichen Grüßen
> STEIN-IT GmbH
> Thorsten Wujek
> technischer Geschäftsführer
> technical CEO
>
> *MCT,MCA,MASE,CITA-P***
>
>
>
>
> Neckarstraße 4. 45768 Marl
> Fon +49 23 65 . 92 44 - 31
> Fax +49 23 65 . 92 44 - 44
>
> www.stein-edv.de
> www.sony-repair.de
> Thorsten.Wujek at stein-edv.de <thorsten.wujek at stein-edv.de>
>
>
>
>
> Ust.-Idnr.:  DE 814703466
> Steuer-Nr.: 359 5786 0059
>
> Amtsgericht Gelsenkirchen, HRB 8639
> Sitz und Gerichtsstand Marl
>
> Geschäftsführer:
> Joachim Matzek, Thorsten Wujek
>
>
>
>
>
>
>
> _______________________________________________
> wasc-wafec mailing list
> wasc-wafec at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org
>
>


-- 
Ivan Ristić
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/attachments/20110209/d7b38671/attachment-0003.html>


More information about the wasc-wafec mailing list