[WASC-WAFEC] WAFEC 2 outline
ofer at shezaf.com
Tue Oct 23 06:09:23 EDT 2012
I found myself recently just writing and writing for WAFEC 2 progressing
well beyond the point at which I should share back to the team and enlist
others to help. Christian's and Ido's contribution reminded me of that. To
that end, I cut back a lot of what I wrote and am now ready with an outline
for your review here:
I hope the outline addresses most of the issues discussed in the
conversation so far:
- Non-core WAF items will be in an appendix, however I did mention
  the need to take them into consideration in the first chapter under "using
- Security value is focused on addressing WASC-TC threats.
  Protection techniques, which form the bulk of WAFEC 1 security part, are
  included as well but are secondary to addressing threats.
- A chapter is devoted to "what is a WAF" which should be
  educational rather than used for evaluation, but does provide the background
  including use cases.
- Testing methodology, weighting, evaluation Excel and alternative
  solutions are all demoted to appendixes. Partially because I think they
  belong there and partially to avoid delaying to get to a perfection on those
You can read more in the "philosophy" section on the page or inside the
attached outline document.
This is also a call for action:
- Please review and comment on the outline. Deadline for this is Nov
- Please, in parallel, select the chapter you want to work on from
  the list on the page. Note that only if you own and write a section you
  will be listed as contributor. Others would be listed as reviewers.
Thanks and looking forward to the hard work!
[+972-54-4431119; ofer at shezaf.com, www.shezaf.com]