[WASC-WAFEC] IronBee -- a new Apache-licensed web application firewall

Christian Heinrich christian.heinrich at cmlh.id.au
Wed Feb 23 00:50:12 EST 2011


Ivan,

On Tue, Feb 22, 2011 at 10:39 PM, Ivan Ristic <ivan.ristic at gmail.com> wrote:
> I am writing to this list because I expect there will be an overlap
> between WAFEC and the documentation effort at IronBee. In the next
> week or so we will start a new section on our wiki to enumerate all
> the relevant attacks against web applications and then document what
> web application firewalls can do to address them (with a view to
> implement those defences in IronBee).
>
> We should perhaps include a copy of the wiki content in WAFEC itself.
> After all, one of our goals would be helping end users to understand
> what WAFs can and cannot do.


Can I recommend that this be extended to ModSecurity (possibly
completed by Ryan) so that a common benchmark can be established with
the intent of this body of work possibly being reused by other WAF
vendors?


-- 
Regards,
Christian Heinrich

http://www.linkedin.com/in/ChristianHeinrich

Mobile: +61 433 510 532 (AEST +10 GMT/UTC)
SkypeID: cmlh.id.au




More information about the wasc-wafec mailing list