[WASC-WAFEC] WASC/OWASP Web, Application Firewall Evaluation Criteria at AppSec EU2013
ofer at shezaf.com
Wed Nov 14 15:24:48 EST 2012
Certainly. I think that this is what I understood as well. As a suggestion, maybe in order to provide context for such a workshop it can be set up as a panel (vendors or othes).
From: Achim Hoffmann [mailto:websec10 at sic-sec.org]
Sent: Wednesday, November 14, 2012 6:46 PM
To: wasc-wafec at lists.webappsec.org
Cc: Christian Heinrich; Ofer Shezaf
Subject: Re: WASC/OWASP Web,Application Firewall Evaluation Criteria at AppSec EU2013
when I was informing about the possibility of "taining or workshop" my intent was, as Christian described, to bring together authors, contributors and friends.
I had not in mind to make a traditional (OWASP) training which the audience has to pay for.
However, I'm open to manage that too, but that should cover more than one product to attract people.
A talk about the WAFEC work and result should then be done too.
Does this clarify things?
Am 13.11.2012 23:20, schrieb Christian Heinrich:
> I believe the intended audience of a workshop would be:
> 1. WAF Vendor(s) preparing documentation to support WAFEC.
> 2a. https://www.nsslabs.com/, https://www.icsalabs.com/, etc
> preforming independent verification of WAFEC against WAF Vendor claim
> on behalf of an end user.
> 2b. http://www.dsd.gov.au/infosec/aisep/providers.htm with the
> specific end user being Government.
> 3. End User evaluating WAF solutions based on a combination of the above.
> On Wed, Nov 14, 2012 at 9:09 AM, Ofer Shezaf <ofer at shezaf.com> wrote:
>> I think that a presentation is a no brainer. As to workshop, since I really hope we would have a result to show, workshop for discussion would not be very useful. A training workshop would require an agenda and a commitment of a trainer to prepare a quality course that people will pay for. I personally am not sure what would be the content of such a training session. If anyone has a clear ideas as to what that be, we can either launch that as a WAFEC initiative or leave it to anyone who think it is a good business to do.
On Tue, Nov 13, 2012 at 11:45 PM, Achim Hoffmann <websec10 at sic-sec.org> wrote:
> as we (OWASP Germany) are currently planing for AppSec EU2013, I can
> reserve a slot for a talk/presentation and also for a one or half day training or workshop.
More information about the wasc-wafec