[WASC-WAFEC] What should we change in WAFEC 2.0?

Christian Heinrich christian.heinrich at cmlh.id.au
Sun Aug 19 06:24:58 EDT 2012


I am an end user at the moment and have been informed that it is
possible to repurpose some F5 load balancers as a WAF by our network
service provider.

I am therefore interested in participating (for science) in the
proposal discussed back in June.

Would it be possible directly send me any F5 literature that is
relevant to WAFEC?

On Tue, Jun 26, 2012 at 6:46 AM, Kenneth Salchow <k.salchow at f5.com> wrote:
> Sounds like a reasonable, well-founded plan.
> KJ (Ken) Salchow, Jr. | Program Manager, Technical Certification
> D 651.423.1133
> M 612.868.1258
> P 206.272.5555
> F 206.272.5555
> www.f5.com
> -----Original Message-----
> From: Christian Heinrich [mailto:christian.heinrich at cmlh.id.au]
> Sent: Tuesday, June 19, 2012 4:52 PM
> To: Kenneth Salchow
> Cc: Alexander Meisel; wasc-wafec at lists.webappsec.org
> Subject: Re: [WASC-WAFEC] What should we change in WAFEC 2.0?
> Ken,
> My recommendation would be to produce a high level draft of customer requirements of items that complement a WAF and then have this endorsed by end user(s) for inclusion or; as a supplement to WAFEC.
> On Wed, Jun 20, 2012 at 3:08 AM, Kenneth Salchow <k.salchow at f5.com> wrote:
>> I'm not sure what you are asking for Christian ... are you looking for customer references that state that customers have other solutions (SSO, SSL-VPN, UTM, Firewall, etc) that they will be deploying alongside WAF?  I kind of thought that we could all agree that customers weren't installing WAF devices all by themselves; that would be kind of simplistic if you ask me.
>> Further, yes, I do think we should mention all the regional certifications related to power consumption or other implementation issues.  As a customer (and while I'm not one now ... I was one once) those are ALL important things to me.  Why would I bother to investigate a solution that I would not be able to actually deploy because it doesn't meet the requirements of my environment?
>> However, if everyone thinks it is of no value to customers to know this kind of information ... then that's fine by me.  I just personally think you are doing a disservice to the end customer to simply dismiss these items.  Today's networks are far too complex to simply ignore how devices interact with each other.

Christian Heinrich


More information about the wasc-wafec mailing list