[WASC-WAFEC] IronBee -- a new Apache-licensed web application firewall
christian.heinrich at cmlh.id.au
Wed Feb 23 00:50:12 EST 2011
On Tue, Feb 22, 2011 at 10:39 PM, Ivan Ristic <ivan.ristic at gmail.com> wrote:
> I am writing to this list because I expect there will be an overlap
> between WAFEC and the documentation effort at IronBee. In the next
> week or so we will start a new section on our wiki to enumerate all
> the relevant attacks against web applications and then document what
> web application firewalls can do to address them (with a view to
> implement those defences in IronBee).
> We should perhaps include a copy of the wiki content in WAFEC itself.
> After all, one of our goals would be helping end users to understand
> what WAFs can and cannot do.
Can I recommend that this be extended to ModSecurity (possibly
completed by Ryan) so that a common benchmark can be established with
the intent of this body of work possibly being reused by other WAF
Mobile: +61 433 510 532 (AEST +10 GMT/UTC)
More information about the wasc-wafec