[WASC-WAFEC] WASC/OWASP Web, Application Firewall Evaluation Criteria at AppSec EU2013

Robert A. robert at webappsec.org
Tue Nov 13 17:34:07 EST 2012

For some context.

Historically WASC has created content but hasn't promoted a product, service, workshop, or training event as part of the project. The purpose 
of this is to remain vendor neutral as an organization. WASC's members have supported such things on their own (if they want), but the group as a 
whole has never discussed supporting an event/product/service as part of a project.

I'm not trying to discourage such communication, just that we don't find ourselves doing this on behalf of WASC (without an officer vote since 
this would be setting a precident).


- Robert

On Wed, 14 Nov 2012, Christian Heinrich wrote:

> Robert,
> I believe it should considering it would affect the WASC brand as part
> of its promotion?
> On Wed, Nov 14, 2012 at 9:26 AM, Robert A. <robert at webappsec.org> wrote:
>> Quick question.
>> Should a workshop or training session be part of a wafec discussion? I see
>> that people will want to give a talk on it which is fantastic, but I guess I
>> see it as a separate thing not directly associated/promoted by the project
>> itself.
>> Regards,
>> - Robert A.
>> http://www.cgisecurity.com/
>> http://www.webappsec.org/
>> http://www.qasec.com/
>> On Wed, 14 Nov 2012, Christian Heinrich wrote:
>>> Ofer,
>>> I believe the intended audience of a workshop would be:
>>> 1. WAF Vendor(s) preparing documentation to support WAFEC.
>>> 2a. https://www.nsslabs.com/, https://www.icsalabs.com/, etc
>>> preforming independent verification of WAFEC against WAF Vendor claim
>>> on behalf of an end user.
>>> 2b. http://www.dsd.gov.au/infosec/aisep/providers.htm with the
>>> specific end user being Government.
>>> 3. End User evaluating WAF solutions based on a combination of the above.
>>> On Wed, Nov 14, 2012 at 9:09 AM, Ofer Shezaf <ofer at shezaf.com> wrote:
>>>> I think that a presentation is a no brainer. As to workshop, since I
>>>> really hope we would have a result to show, workshop for discussion would
>>>> not be very useful. A training workshop would require an agenda and a
>>>> commitment of a trainer to prepare a quality course that people will pay
>>>> for. I personally am not sure what would be the content of such a training
>>>> session. If anyone has a clear ideas as to what that be, we can either
>>>> launch that as a WAFEC initiative or leave it to anyone who think it is a
>>>> good business to do.
>>> --
>>> Regards,
>>> Christian Heinrich
>>> http://cmlh.id.au/contact
>>> _______________________________________________
>>> wasc-wafec mailing list
>>> wasc-wafec at lists.webappsec.org
>>> http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org
> -- 
> Regards,
> Christian Heinrich
> http://cmlh.id.au/contact

More information about the wasc-wafec mailing list