[WASC-WAFEC] WASC/OWASP Web, Application Firewall Evaluation Criteria at AppSec EU2013

Robert A. robert at webappsec.org
Tue Nov 13 17:26:06 EST 2012


Quick question.

Should a workshop or training session be part of a wafec discussion? I see 
that people will want to give a talk on it which is fantastic, but I guess 
I see it as a separate thing not directly associated/promoted by the 
project itself.

Regards,
- Robert A.
http://www.cgisecurity.com/
http://www.webappsec.org/
http://www.qasec.com/

On Wed, 14 Nov 2012, Christian Heinrich wrote:

> Ofer,
>
> I believe the intended audience of a workshop would be:
>
> 1. WAF Vendor(s) preparing documentation to support WAFEC.
> 2a. https://www.nsslabs.com/, https://www.icsalabs.com/, etc
> preforming independent verification of WAFEC against WAF Vendor claim
> on behalf of an end user.
> 2b. http://www.dsd.gov.au/infosec/aisep/providers.htm with the
> specific end user being Government.
> 3. End User evaluating WAF solutions based on a combination of the above.
>
> On Wed, Nov 14, 2012 at 9:09 AM, Ofer Shezaf <ofer at shezaf.com> wrote:
>> I think that a presentation is a no brainer. As to workshop, since I really hope we would have a result to show, workshop for discussion would not be very useful. A training workshop would require an agenda and a commitment of a trainer to prepare a quality course that people will pay for. I personally am not sure what would be the content of such a training session. If anyone has a clear ideas as to what that be, we can either launch that as a WAFEC initiative or leave it to anyone who think it is a good business to do.
>
>
> -- 
> Regards,
> Christian Heinrich
>
> http://cmlh.id.au/contact
>
> _______________________________________________
> wasc-wafec mailing list
> wasc-wafec at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org
>




More information about the wasc-wafec mailing list