[WASC-WAFEC] Imperva WTF Tool

Tony Turner tony.turner at owasp.org
Fri Nov 20 09:40:18 EST 2015


In the interest of full disclosure I wanted to announce to the list that
Mark Kraynak and Amichai Shulman of Imperva have provided us with the
source code for the Imperva WTF WAF testing tool. Out intent is not to
rebrand as a WAFEC tool, but to utilize as guide for the development of a
separate independent tool. It will likely be a very different tool and I
want to reiterate that we are not intending to re-release any of their work
effort without significant rework or at the very least, a comprehensive
review. At this time I don't know exactly what that will look like as we
have not gathered requirements yet.

Some of the logic and structure may remain, but I wanted to make sure there
was transparency around this resource for WAFEC. If there are those on this
list who have an interest in being actively involved in the development of
this new toolset or have specific requirements you would like the tool to
address, please shoot me an email and I'll get you added to the development
team, or at the very least get your requests added to the list. If you are
a vendor, and have specific concerns about this approach, please let me
know. I'd love to get your feedback.

I don't intend to ramp up dev efforts for a few more months, at least not
until the actual criteria are more well defined for the next version but I
wanted to get the ball rolling so we can start gathering requirements and
head off any concerns in advance of actual dev work starting. Lastly, we
will not release any tool publically as an official WAFEC deliverable until
all members of the vendor subgroup have had a chance to review it.

If you are a WAF vendor and wish to be added to the vendor subgroup, please
shoot me an email with your contact information and role. We are not
excluding any vendor from this process.

As of this time, the following vendors are represented on our vendor
subgroup:

   - Verizon
   - Radware
   - Ergon
   - Cdnetworks
   - Imperva
   - F5
   - Sentrix


-- 
Tony Turner
OWASP Orlando Chapter Founder/Co-Leader
WAFEC Project Leader
STING Game Project Leader
tony.turner at owasp.org
https://www.owasp.org/index.php/Orlando
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/attachments/20151120/0efe3911/attachment-0003.html>


More information about the wasc-wafec mailing list