[WASC-WAFEC] WASC/OWASP Web, Application Firewall Evaluation Criteria at AppSec EU2013

Ofer Shezaf ofer at shezaf.com
Tue Nov 13 17:30:40 EST 2012

I know who is WAFEC target audience, however I wonder what would a paid
workshop on WAFEC include. 

~ Ofer

-----Original Message-----
From: Christian Heinrich [mailto:christian.heinrich at cmlh.id.au] 
Sent: Wednesday, November 14, 2012 12:20 AM
To: Ofer Shezaf
Cc: Achim Hoffmann; wasc-wafec at lists.webappsec.org
Subject: Re: WASC/OWASP Web,Application Firewall Evaluation Criteria at
AppSec EU2013


I believe the intended audience of a workshop would be:

1. WAF Vendor(s) preparing documentation to support WAFEC.
2a. https://www.nsslabs.com/, https://www.icsalabs.com/, etc preforming
independent verification of WAFEC against WAF Vendor claim on behalf of an
end user.
2b. http://www.dsd.gov.au/infosec/aisep/providers.htm with the specific end
user being Government.
3. End User evaluating WAF solutions based on a combination of the above.

On Wed, Nov 14, 2012 at 9:09 AM, Ofer Shezaf <ofer at shezaf.com> wrote:
> I think that a presentation is a no brainer. As to workshop, since I
really hope we would have a result to show, workshop for discussion would
not be very useful. A training workshop would require an agenda and a
commitment of a trainer to prepare a quality course that people will pay
for. I personally am not sure what would be the content of such a training
session. If anyone has a clear ideas as to what that be, we can either
launch that as a WAFEC initiative or leave it to anyone who think it is a
good business to do.

Christian Heinrich


More information about the wasc-wafec mailing list