[WASC-WAFEC] Reviewer of Corresponding Sections 1-4 of v1

Ofer Shezaf ofer at shezaf.com
Thu Dec 20 15:51:16 EST 2012

Hi Christian,


Sorry for the late reply. All sections will be published for everyone for
review (I may regret that as it might mean no one will really review.). This
would enable you to review the relevant sections. As to publishing earlier..
I set up condensed timeframe as it is.




~ Ofer


From: Christian Heinrich [mailto:christian.heinrich at cmlh.id.au] 
Sent: Tuesday, December 11, 2012 3:34 AM
To: Ofer Shezaf
Cc: wasc-wafec at lists.webappsec.org
Subject: Reviewer of Corresponding Sections 1-4 of v1




Just a reminder below are the comments that I made in March/April 2011 in
relation to Sections 1-4 of WAFEC v1:






I am willing to be assigned as the reviewer for the corresponding section(s)
of WAFEC v2 to ensure that these are integrated into the deliverable?


I also have some availability from 24-31 December so if the respective
authors could deliver these sections of WAFEC v2 first (i.e. prior to 31
December) then I can commence their review earlier.  If this is not possible
then this is no problem either.


On Mon, Dec 10, 2012 at 11:55 PM, Ofer Shezaf <ofer at shezaf.com
<mailto:ofer at shezaf.com> > wrote:

Hi All,


As the target date for submitting a draft for the different sections is
getting near (Dec 31st!), I would like to touch on few points regarding


First, I will take the chapters no one volunteered for.


Formats, submission and reviews:

*         Contributors:

o   Each contributor can select whatever format they wish to write in, as
long as they can share with the list in a format that everyone can read and
that I can aggregate later on. HTML would  be best. If you use a Word, share
with the list in PDF and send me the word file for consolidation once the
time comes.

o   You can either use the WAFEC Wiki to upload the files (I can assist) or
store wherever you want (for example OWASP wiki). Send only links to the

*         Reviewers:

o   Please send your comments publicly to the list. I think the discussion
should be public.

*         When the final drafts are in, I will consolidate the documents to
ensure consistent formatting.



*         Dec 31st - 1st draft

*         Jan 22nd - review period

*         Jan 31st - final draft incorporating review.

*         Feb 25th - RSA - I would like to shoot for actually releasing for
RSA. Let's make final decision once the 1st drafts are out.


As a reminder, this is the list of contributors:

*	Introduction - Ofer Shezaf 
*	What is a WAF? - Achim Hoffmann
*	Security - threats and mitigation - Ryan Barnett
*	Security - protection techniques - Ryan Barnett
*	Environment suitability (Deployment Options) - Mark Kraynak 
*	Supporting functionality - management, reporting and analytic,
security - Ofer Shezaf
*	Supporting functionality -  Performance, reliability, physical
characteristics - Ofer Shezaf
*	Supporting functionality - integration - Ofer Shezaf
*	Appendix - Integrated Related Features - Erwin Huber
*	Appendix - none technical criteria  - Erwin Huber
*	Appendix - alternative solutions - Ofer Shezaf


~ Ofer


Ofer Shezaf

[+972-54-4431119 <tel:%5B%2B972-54-4431119> ; ofer at shezaf.com
<mailto:ofer at shezaf.com> , www.shezaf.com <http://www.shezaf.com> ]


wasc-wafec mailing list
wasc-wafec at lists.webappsec.org <mailto:wasc-wafec at lists.webappsec.org> 


Christian Heinrich


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/attachments/20121220/355a37e3/attachment-0003.html>

More information about the wasc-wafec mailing list