[WASC-WAFEC] WAFEC 2 outline

Ofer Shezaf ofer at shezaf.com
Tue Oct 23 06:09:23 EDT 2012


Hi All,


I found myself recently just writing and writing for WAFEC 2, progressing
well beyond the point at which I should share back to the team and enlist
others to help. Christian's and Ido's contributions reminded me of that. To
that end, I cut back a lot of what I wrote and am now ready with an outline
for your review here:


I hope the outline addresses most of the issues discussed in the
conversation so far:

- Non-core WAF items will be in an appendix; however, I did mention
  the need to take them into consideration in the first chapter under "using

- Security value is focused on addressing WASC-TC threats.
  Protection techniques, which form the bulk of the WAFEC 1 security part, are
  included as well but are secondary to addressing threats.

- A chapter is devoted to "what is a WAF", which should be
  educational rather than used for evaluation, but does provide the background,
  including use cases.

- Testing methodology, weighting, evaluation Excel and alternative
  solutions are all demoted to appendixes. Partially because I think they
  belong there and partially to avoid delaying to get to perfection on those
  complex issues.


You can read more in the "philosophy" section on the page or inside the
attached outline document.


This is also a call for action:

- Please review and comment on the outline. Deadline for this is Nov

- Please, in parallel, select the chapter you want to work on from
  the list on the page. Note that only if you own and write a section will you
  be listed as a contributor. Others would be listed as reviewers.


Thanks, and looking forward to the hard work!


~ Ofer


Ofer Shezaf

[+972-54-4431119; ofer at shezaf.com, www.shezaf.com]

