[WASC-WAFEC] WASC/OWASP Web, Application Firewall Evaluation Criteria at AppSec EU2013

Ofer Shezaf ofer at shezaf.com
Tue Nov 13 17:31:50 EST 2012

I tend to agree. Generally speaking building a training material might be a
task within a project, however I am not sure how this would work for WAFEC.

~ Ofer

-----Original Message-----
From: Robert A. [mailto:robert at webappsec.org] 
Sent: Wednesday, November 14, 2012 12:26 AM
To: Christian Heinrich
Cc: Ofer Shezaf; wasc-wafec at lists.webappsec.org
Subject: Re: [WASC-WAFEC] WASC/OWASP Web, Application Firewall Evaluation
Criteria at AppSec EU2013

Quick question.

Should a workshop or training session be part of a wafec discussion? I see
that people will want to give a talk on it which is fantastic, but I guess I
see it as a separate thing not directly associated/promoted by the project

- Robert A.

On Wed, 14 Nov 2012, Christian Heinrich wrote:

> Ofer,
> I believe the intended audience of a workshop would be:
> 1. WAF Vendor(s) preparing documentation to support WAFEC.
> 2a. https://www.nsslabs.com/, https://www.icsalabs.com/, etc 
> preforming independent verification of WAFEC against WAF Vendor claim 
> on behalf of an end user.
> 2b. http://www.dsd.gov.au/infosec/aisep/providers.htm with the 
> specific end user being Government.
> 3. End User evaluating WAF solutions based on a combination of the above.
> On Wed, Nov 14, 2012 at 9:09 AM, Ofer Shezaf <ofer at shezaf.com> wrote:
>> I think that a presentation is a no brainer. As to workshop, since I
really hope we would have a result to show, workshop for discussion would
not be very useful. A training workshop would require an agenda and a
commitment of a trainer to prepare a quality course that people will pay
for. I personally am not sure what would be the content of such a training
session. If anyone has a clear ideas as to what that be, we can either
launch that as a WAFEC initiative or leave it to anyone who think it is a
good business to do.
> --
> Regards,
> Christian Heinrich
> http://cmlh.id.au/contact
> _______________________________________________
> wasc-wafec mailing list
> wasc-wafec at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec
> .org

More information about the wasc-wafec mailing list