[WASC-WAFEC] IronBee -- a new Apache-licensed web application firewall

Ivan Ristic ivan.ristic at gmail.com
Wed Feb 23 04:23:14 EST 2011


On Wed, Feb 23, 2011 at 5:50 AM, Christian Heinrich
<christian.heinrich at cmlh.id.au> wrote:
> Ivan,
>
> On Tue, Feb 22, 2011 at 10:39 PM, Ivan Ristic <ivan.ristic at gmail.com> wrote:
>> I am writing to this list because I expect there will be an overlap
>> between WAFEC and the documentation effort at IronBee. In the next
>> week or so we will start a new section on our wiki to enumerate all
>> the relevant attacks against web applications and then document what
>> web application firewalls can do to address them (with a view to
>> implement those defences in IronBee).
>>
>> We should perhaps include a copy of the wiki content in WAFEC itself.
>> After all, one of our goals would be helping end users to understand
>> what WAFs can and cannot do.
>
> Can I recommend that this be extended to ModSecurity (possibly
> completed by Ryan) so that a common benchmark can be established with
> the intent of this body of work possibly being reused by other WAF
> vendors?

That's absolutely fine. Our only requirement is that any stuff that
gets put into IronBee is licensed under Apache Software License v2.

Yesterday I actually started writing one of the pages to establish a template:

https://github.com/ironbee/ironbee/wiki/Defending-against-CSRF

> --
> Regards,
> Christian Heinrich
>
> http://www.linkedin.com/in/ChristianHeinrich
>
> Mobile: +61 433 510 532 (AEST +10 GMT/UTC)
> SkypeID: cmlh.id.au
>



-- 
Ivan Ristić



