[WASC-WAFEC] What should we change in WAFEC 2.0?
ofer at shezaf.com
Fri Jun 8 11:15:41 EDT 2012
Thank you all for the great input. I am going to a week's vacation today and
will summarize all said, define draft goal and action plan when I am back.
From: Christian Heinrich [mailto:christian.heinrich at cmlh.id.au]
Sent: Friday, June 08, 2012 3:08 AM
To: Ryan Barnett
Cc: Ofer Shezaf; wasc-wafec at lists.webappsec.org
Subject: Re: [WASC-WAFEC] What should we change in WAFEC 2.0?
On Thu, Jun 7, 2012 at 11:18 PM, Ryan Barnett <rcbarnett at gmail.com> wrote:
> I recommend that we consider using a "Levels" approach similar to what
> OWASP ASVS uses - http://code.google.com/p/owasp-asvs/wiki/ASVS. This
> way, we can group items and the user can be clear which items are
> considered "core" WAF features and which ones provide added value.
As far as I am aware (i.e. I might be incorrect) Mike Boberski (former OWASP
Project Leader) based on the ASVS "Levels" on
http://www.commoncriteriaportal.org/ based on my reading of
I can assist with an introduction to
http://www.dsd.gov.au/infosec/aisep/providers.htm but due to the timezone
difference with Australia it might be worth liaising with those more locally
in North America.
More information about the wasc-wafec