[WASC-WAFEC] WAFEC 2.0 Comments chapters 1 and 2

Klaubert Herr da Silveira klaubert at gmail.com
Mon Jan 21 18:06:27 EST 2013


1.2.1
Just a typo...

Different WAFs cam mitigate the same

To
Different WAFs _can_ mitigate the same


2.1.1  How does a WAF work (technical)
I miss the relationship/differentiation between WAF and IDS/IPS in the
definition.
While they are clearly distinct, they operate in a very similar way,
but with a different focus/view/target of traffic. An IDS/IPS matches
rules/behavior in packets or streams, watching the full protocol
spectrum of a network. WAFs, on their side, watch a web application (not
only a packet), interpreting HTTP protocols, validating/analyzing web
service requests (SOAP/RESTful), doing this even in encrypted
traffic with SSL, and they can correlate the request and the response.


2.1.2 Why the name WAF (historical)

In "Today there are more names, like...Next Generation Firewall"

I don't see "Next Generation Firewall" associated with WAF in the
market/literature. Some NGF vendors indeed make a clear
differentiation between their products and WAFs. Considering they
are both current terms, I think it is better for WAFEC2 not to correlate
the two.

I'll send other comments for the next topics later.


Best Regards,

Klaubert Herr
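To illustrate the WAF vs. IDS/IPS distinction raised under 2.1.1 (an added example, not code from the post or from WAFEC): a stream-level signature sees only raw bytes, while a WAF-style check interprets the HTTP request, decodes its parameters, and correlates the response with the request. All traffic samples and rule strings are constructed for this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample traffic (not from the mailing-list post): one HTTP
# request and the response it received, as a WAF sees them after SSL/TLS
# termination. The parameter value is URL-encoded.
SAMPLE_REQUEST = (
    "GET /item?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1\r\n"
    "Host: shop.example\r\n\r\n"
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html>You have an error in your SQL syntax near ''1'='1'</html>"
)

# A byte-pattern rule of the kind a packet/stream-level IDS applies.
STREAM_SIGNATURE = re.compile(rb"' OR '")
# A response-side rule: the application leaked a database error message.
DB_ERROR = re.compile(r"error in your SQL syntax", re.IGNORECASE)

def stream_rule_hits(raw: bytes) -> bool:
    """IDS-style check: match the signature against the raw bytes only."""
    return STREAM_SIGNATURE.search(raw) is not None

def parse_request(raw: str) -> dict:
    """Interpret the HTTP request line and decode its query parameters."""
    request_line = raw.split("\r\n", 1)[0]
    method, target, _version = request_line.split(" ")
    parts = urlsplit(target)
    # parse_qs percent-decodes values, so the rule sees the real parameter.
    return {"method": method, "path": parts.path, "params": parse_qs(parts.query)}

def waf_inspect(request_raw: str, response_raw: str) -> list[str]:
    """WAF-style check: decoded-parameter rule plus request/response correlation."""
    findings = []
    req = parse_request(request_raw)
    suspicious = any("'" in v for values in req["params"].values() for v in values)
    if suspicious:
        findings.append("request: quote character in decoded parameter")
    body = response_raw.split("\r\n\r\n", 1)[1]
    leaked = DB_ERROR.search(body) is not None
    if leaked:
        findings.append("response: database error message leaked")
    if suspicious and leaked:
        findings.append("correlated: suspicious input followed by database error")
    return findings
```

On the sample above the raw-byte signature never fires (the quote is percent-encoded), while the HTTP-aware check flags the decoded parameter, the leaked error in the response, and the correlation between the two.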