[WASC-WAFEC] WASC/OWASP Web, Application Firewall Evaluation Criteria at AppSec EU2013

Christian Heinrich christian.heinrich at cmlh.id.au
Tue Nov 13 17:20:01 EST 2012


I believe the intended audience of a workshop would be:

1. WAF Vendor(s) preparing documentation to support WAFEC.
2a. https://www.nsslabs.com/, https://www.icsalabs.com/, etc
preforming independent verification of WAFEC against WAF Vendor claim
on behalf of an end user.
2b. http://www.dsd.gov.au/infosec/aisep/providers.htm with the
specific end user being Government.
3. End User evaluating WAF solutions based on a combination of the above.

On Wed, Nov 14, 2012 at 9:09 AM, Ofer Shezaf <ofer at shezaf.com> wrote:
> I think that a presentation is a no brainer. As to workshop, since I really hope we would have a result to show, workshop for discussion would not be very useful. A training workshop would require an agenda and a commitment of a trainer to prepare a quality course that people will pay for. I personally am not sure what would be the content of such a training session. If anyone has a clear ideas as to what that be, we can either launch that as a WAFEC initiative or leave it to anyone who think it is a good business to do.

Christian Heinrich


More information about the wasc-wafec mailing list