[WASC-WAFEC] ISCA WAF Certification Criteria

Christian Heinrich christian.heinrich at cmlh.id.au
Sat Jun 21 22:58:54 EDT 2014


Here is the draft timeline of tasks that I have just thought of off
the top of my head so it is subject to change when I have a chance to
reconsider it over next weekend (28 June onwards):

1. Review the remaining chapter of the WAFEC v1
2. Review ICSA WAF Certification Criteria and incorporate any missing
content into WAFEC
3. Review Garnter MQ

My thinking of the above is due the amount of time that it may take
for the vendor(s) to make the Gartner MQ available to the public for

I have no idea yet if ICSA make their content available to the public
or not so please accept my apology in advance if I am wrong.  I am
strapped for time at the moment.

Thanks for acknowledging ICSA's support for the next release of WAFEC too.

On Sat, Jun 21, 2014 at 10:58 PM, Monkman, Brian <bmonkman at icsalabs.com> wrote:
> We would certainly be willing to discuss incorporating WAFEC into our
> certification requirements.
> Brian Monkman
> Network Security Programs Manager
> ICSA Labs
> -----Original Message-----
> From: Christian Heinrich [christian.heinrich at cmlh.id.au]
> Sent: Friday, June 20, 2014 06:58 PM Eastern Standard Time
> To: Ofer Shezaf
> Cc: wasc-wafec at lists.webappsec.org
> Subject: Re: [WASC-WAFEC] ISCA WAF Certification Criteria
> Ofer,
> On Wed, Jun 6, 2012 at 9:39 PM, Ofer Shezaf <ofer at shezaf.com> wrote:
>> ·         Approaching NSS, ICSA and the likes to use WAFEC
> I saw a mention of
> https://www.icsalabs.com/technology-program/web-application-firewalls/web-application-firewall-certification-criteria
> in the various media releases of vendors as part of the recently
> announced Gartner Magic Quadrant.
> I believe our approach should be similar to that ingesting the Gartner
> Magic Quadrant into WAFEC i.e. correlate what is missing from WAFEC
> according to ICSA and after due diligence incorporate it into the next
> release of WAFEC?
> Furthermore, NSS might adopt our approach and therefore increase our
> exposure.
> Your thoughts?
> --
> Regards,
> Christian Heinrich
> http://cmlh.id.au/contact
> _______________________________________________
> wasc-wafec mailing list
> wasc-wafec at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org

Christian Heinrich


More information about the wasc-wafec mailing list