[WASC-WAFEC] AWS WAF

Tony Turner tony.turner at owasp.org
Thu Oct 8 11:05:26 EDT 2015


Thanks Mark. That's helpful. I did ask specifically what the relationship
with Imperva was.

For anyone following this thread, in the next version of WAFEC we intend to
call out IP Reputation and associated threat feed capabilities as an
extrinsic criteria that will only be used for evaluation if that is a
capability specified by the evaluator. Currently this is not considered a
core, or intrinsic, criteria for WAF evaluation.


On Thu, Oct 8, 2015 at 10:19 AM, Mark Kraynak <mark at imperva.com> wrote:

> At the risk of being too commercial, I’m attaching a link to the Imperva
> blog where we announced our intention to offer IP reputation as a service
> for AWS WAF.  I think there is opportunity in the long term to do more, but
> for now the integration is focused on IP reputation.  If anyone would like
> to get more information, I’d be happy to discuss offline.
>
>
>
> http://blog.imperva.com/2015/10/imperva-threatradar-for-aws-waf.html
>
>
>
> *From:* wasc-wafec [mailto:wasc-wafec-bounces at lists.webappsec.org] *On
> Behalf Of *Tony Turner
> *Sent:* Thursday, October 08, 2015 5:16 AM
> *To:* Christian Folini
> *Cc:* wasc-wafec at lists.webappsec.org
> *Subject:* Re: [WASC-WAFEC] AWS WAF
>
>
>
> I'm curious about slide 73 listing Imperva as a partner. (as well as Trend
> Micro and Alert Logic). Does that mean its Incapsula or SecureSphere
> providing WAF services? What's Imperva's role in the AWS WAF service?
>
>
>
> On Thu, Oct 8, 2015 at 12:50 AM, Christian Folini <
> christian.folini at netnea.com> wrote:
>
> Hi there,
>
> On Thu, Oct 08, 2015 at 03:23:59PM +1100, Christian Heinrich wrote:
> >
> http://www.slideshare.net/AmazonWebServices/sec323-new-securing-web-applications-with-aws-waf
> > are the slides of the WAF Product from Amazon Web Services:
>
> Has anybody used this? It says it is easy to integrate, but the slides
> makes it look awful to handle false positives.
>
> I like the "pay by the number of rules you use" approach though.
> That's a business model!
>
> Ahoj,
>
> Christian Folini
>
>
> --
> For my part I believe in the forgiveness of sin and the redemption of
> ignorance.
> -- Adlai Stevenson
>
>
>
>
>
> --
>
> Tony Turner
> OWASP Orlando Chapter Founder/Co-Leader
>
> WAFEC Project Leader
>
> STING Game Project Leader
> tony.turner at owasp.org
>
> https://www.owasp.org/index.php/Orlando
>



-- 
Tony Turner
OWASP Orlando Chapter Founder/Co-Leader
WAFEC Project Leader
STING Game Project Leader
tony.turner at owasp.org
https://www.owasp.org/index.php/Orlando
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/attachments/20151008/2a4e255a/attachment-0003.html>


More information about the wasc-wafec mailing list