[WASC-WAFEC] What should we change in WAFEC 2.0?

Christian Heinrich christian.heinrich at cmlh.id.au
Thu Jun 7 20:08:09 EDT 2012


On Thu, Jun 7, 2012 at 11:18 PM, Ryan Barnett <rcbarnett at gmail.com> wrote:
> I recommend that we consider using a "Levels" approach similar to what OWASP
> ASVS uses - http://code.google.com/p/owasp-asvs/wiki/ASVS.  This way, we can
> group items and the user can be clear which items are considered "core" WAF
> features and which ones provide added value.

As far as I am aware (i.e. I might be incorrect) Mike Boberski (former
OWASP Project Leader) based on the ASVS "Levels" on
http://www.commoncriteriaportal.org/ based on my reading of

I can assist with an introduction to
http://www.dsd.gov.au/infosec/aisep/providers.htm but due to the
timezone difference with Australia it might be worth liaising with
those more locally in North America.

Christian Heinrich


More information about the wasc-wafec mailing list