[WASC-WAFEC] WAFEC 2 outline

Ofer Shezaf ofer at shezaf.com
Thu Nov 1 15:26:29 EDT 2012


I am happy to announce we have a first volunteer to own a section. Mark
Kraynak volunteered to own section 4 (Deployment Options). 

 

Thank you Mark!

 

~ Ofer

 

From: Ofer Shezaf [mailto:ofer at shezaf.com] 
Sent: Tuesday, October 23, 2012 12:09 PM
To: 'wasc-wafec at lists.webappsec.org'
Subject: WAFEC 2 outline

 

 

Hi All,

 

I found myself recently just writing and writing for WAFEC 2 progressing
well beyond the point at which I should share back to the team and enlist
others to help. Christian's and Ido's contribution reminded me of that. To
that end, I cut back a lot of what I wrote and am now ready with an outline
for your review here:
http://projects.webappsec.org/w/page/60249779/WAFEC_2_Outline

 

I hope the outline addresses most of the issues discussed in the
conversation so far:

- Non-core WAF items will be in an appendix, however I did mention
  the need to take them into consideration in the first chapter under
  "using WAFEC".

- Security value is focused on addressing WASC-TC threats.
  Protection techniques, which form the bulk of WAFEC 1 security part, are
  included as well but are secondary to addressing threats.

- A chapter is devoted to "what is a WAF" which should be
  educational rather than used for evaluation, but does provide the
  background including use cases.

- Testing methodology, weighting, evaluation excel and alternative
  solutions are all demoted to appendixes. Partially because I think they
  belong there and partially to avoid delaying to get to a perfection on
  those complex issues.

 

You can read more in the "philosophy" section on the page or inside the
attached outline document.

 

This is also a call for action:

- Please review and comment on the outline. Deadline for this is Nov
  15th.

- Please, in parallel, select the chapter you want to work on from
  the list on the page.  Note that only if you own and write a section you
  will be listed as contributor. Others would be listed as reviewers.

 

Thanks and looking forward to the hard work!

 

~ Ofer

 

Ofer Shezaf

[+972-54-4431119; ofer at shezaf.com, www.shezaf.com]

 
