[WASC-WAFEC] WASC/OWASP Web, Application Firewall Evaluation Criteria at AppSec EU2013

Achim Hoffmann websec10 at sic-sec.org
Wed Nov 14 11:45:36 EST 2012

Hi all,

when I was informing about the possibility of "taining or workshop" my intent was,
as Christian described, to bring together authors, contributors and friends.
I had not in mind to make a traditional (OWASP) training which the audience has
to pay for. 
However, I'm open to manage that too, but that should cover more than one product
to attract people.

A talk about the WAFEC work and result should then be done too.

Does this clarify things?

Am 13.11.2012 23:20, schrieb Christian Heinrich:
> Ofer,
> I believe the intended audience of a workshop would be:
> 1. WAF Vendor(s) preparing documentation to support WAFEC.
> 2a. https://www.nsslabs.com/, https://www.icsalabs.com/, etc
> preforming independent verification of WAFEC against WAF Vendor claim
> on behalf of an end user.
> 2b. http://www.dsd.gov.au/infosec/aisep/providers.htm with the
> specific end user being Government.
> 3. End User evaluating WAF solutions based on a combination of the above.
> On Wed, Nov 14, 2012 at 9:09 AM, Ofer Shezaf <ofer at shezaf.com> wrote:
>> I think that a presentation is a no brainer. As to workshop, since I really hope we would have a result to show, workshop for discussion would not be very useful. A training workshop would require an agenda and a commitment of a trainer to prepare a quality course that people will pay for. I personally am not sure what would be the content of such a training session. If anyone has a clear ideas as to what that be, we can either launch that as a WAFEC initiative or leave it to anyone who think it is a good business to do.


On Tue, Nov 13, 2012 at 11:45 PM, Achim Hoffmann <websec10 at sic-sec.org> wrote:
> Hi,
> as we (OWASP Germany) are currently planing for AppSec EU2013, I can reserve
> a slot for a talk/presentation and also for a one or half day training or workshop.

More information about the wasc-wafec mailing list