[WASC-WAFEC] IronBee -- a new Apache-licensed web application firewall

Ivan Ristic ivan.ristic at gmail.com
Wed Feb 23 04:23:14 EST 2011

On Wed, Feb 23, 2011 at 5:50 AM, Christian Heinrich
<christian.heinrich at cmlh.id.au> wrote:
> Ivan,
> On Tue, Feb 22, 2011 at 10:39 PM, Ivan Ristic <ivan.ristic at gmail.com> wrote:
>> I am writing to this list because I expect there will be an overlap
>> between WAFEC and the documentation effort at IronBee. In the next
>> week or so we will start a new section on our wiki to enumerate all
>> the relevant attacks against web applications and then document what
>> web application firewalls can do to address them (with a view to
>> implement those defences in IronBee).
>> We should perhaps include a copy of the wiki content in WAFEC itself.
>> After all, one of our goals would be helping end users to understand
>> what WAFs can and cannot do.
> Can I recommend that this be extended to ModSecurity (possibly
> completed by Ryan) so that a common benchmark can be established with
> the intent of this body of work possibly being reused by other WAF
> vendors?

That's absolutely fine. Our only requirement is that any stuff that
gets put into IronBee is licensed under Apache Software License v2.

Yesterday I actually started writing one of the pages to establish a template:


> --
> Regards,
> Christian Heinrich
> http://www.linkedin.com/in/ChristianHeinrich
> Mobile: +61 433 510 532 (AEST +10 GMT/UTC)
> SkypeID: cmlh.id.au

Ivan Ristić

More information about the wasc-wafec mailing list