[WASC-WAFEC] WASC/OWASP Web, Application Firewall Evaluation Criteria at AppSec EU2013

Ofer Shezaf ofer at shezaf.com
Wed Nov 14 15:24:48 EST 2012

Certainly. I think that this is what I understood as well. As a suggestion, maybe in order to provide context for such a workshop it can be set up as a panel (vendors or othes).

~ Ofer

-----Original Message-----
From: Achim Hoffmann [mailto:websec10 at sic-sec.org] 
Sent: Wednesday, November 14, 2012 6:46 PM
To: wasc-wafec at lists.webappsec.org
Cc: Christian Heinrich; Ofer Shezaf
Subject: Re: WASC/OWASP Web,Application Firewall Evaluation Criteria at AppSec EU2013

Hi all,

when I was informing about the possibility of "taining or workshop" my intent was, as Christian described, to bring together authors, contributors and friends.
I had not in mind to make a traditional (OWASP) training which the audience has to pay for. 
However, I'm open to manage that too, but that should cover more than one product to attract people.

A talk about the WAFEC work and result should then be done too.

Does this clarify things?

Am 13.11.2012 23:20, schrieb Christian Heinrich:
> Ofer,
> I believe the intended audience of a workshop would be:
> 1. WAF Vendor(s) preparing documentation to support WAFEC.
> 2a. https://www.nsslabs.com/, https://www.icsalabs.com/, etc 
> preforming independent verification of WAFEC against WAF Vendor claim 
> on behalf of an end user.
> 2b. http://www.dsd.gov.au/infosec/aisep/providers.htm with the 
> specific end user being Government.
> 3. End User evaluating WAF solutions based on a combination of the above.
> On Wed, Nov 14, 2012 at 9:09 AM, Ofer Shezaf <ofer at shezaf.com> wrote:
>> I think that a presentation is a no brainer. As to workshop, since I really hope we would have a result to show, workshop for discussion would not be very useful. A training workshop would require an agenda and a commitment of a trainer to prepare a quality course that people will pay for. I personally am not sure what would be the content of such a training session. If anyone has a clear ideas as to what that be, we can either launch that as a WAFEC initiative or leave it to anyone who think it is a good business to do.


On Tue, Nov 13, 2012 at 11:45 PM, Achim Hoffmann <websec10 at sic-sec.org> wrote:
> Hi,
> as we (OWASP Germany) are currently planing for AppSec EU2013, I can 
> reserve a slot for a talk/presentation and also for a one or half day training or workshop.

More information about the wasc-wafec mailing list