WASC Web Application Firewall Evaluation Criteria Project Mailing List
Hi everyone,
As you most probably noticed, I was not able to push this project forward. As my work is not related to application security in the last few years, I find myself getting further and further from the subject.
If we want this project to move forward, we need volunteers to lead it. The criteria in my mind are:
· Not working for a WAF vendor (mandatory).
· A WAF expert (highly recommended).
· Willing to write the bulk of the document (highly recommended).
As a first stage I suggest seeking volunteers, on this mailing list or others. Once we have volunteers to lead, we should vote. Since a team project requires someone who would be accepted by the team, I suggest a yes/no vote for each candidate in which the one to get most yes votes is elected but has to have above 50% yes votes.
If nobody volunteers, or nobody wins the confidence of the team, I think the conclusion would be that the project has reached its conclusion.
~ Ofer
Ofer Shezaf
ofer@shezaf.com, +972-54-4431119
Ofer, I'd hate to see this project die. I'd be happy to assist if you have not had any offers.
· Not working for a WAF vendor (mandatory). - I work for GuidePoint Security as a Managing Security Consultant. I do commonly work with certain WAFs but I've never received a vendor SPIFF and I frequently recommend different vendors based on unique client need.
· A WAF expert (highly recommended). - I hesitate to classify myself as an expert in anything but I do work in this space and enjoy it. I ran the http://wafbypass.me/ wiki project in the past but it was never fully completed and hasn't been updated in over a year. I think it was a good start but I wanted to redesign the wiki and just had not gotten around to it yet. I think getting involved with WAFEC is more in line with my current professional goals.
· Willing to write the bulk of the document (highly recommended). - I'd be happy to take this on, but can't do it alone. I'd be happy to drive this effort though.
--
Tony Turner
https://twitter.com/tonylturner
https://www.linkedin.com/in/tonyturnercissp
On Mon, Nov 17, 2014 at 3:45 PM, Ofer Shezaf ofer@shezaf.com wrote:
Hi everyone,
As you most probably noticed, I was not able to push this project forward.
As my work is not related to application security in the last few years, I
find myself getting further and further from the subject.
If we want this project to move forward, we need volunteers to lead it.
The criteria in my mind are:
· Not working for a WAF vendor (mandatory).
· A WAF expert (highly recommended).
· Willing to write the bulk of the document (highly recommended).
As a first stage I suggest seeking volunteers, on this mailing list or
others. Once we have volunteers to lead, we should vote. Since a team
project requires someone who would be accepted by the team, I suggest a
yes/no vote for each candidate in which the one to get most yes votes is
elected but has to have above 50% yes votes.
If nobody volunteers, or nobody wins the confidence of the team, I think
the conclusion would be that the project has reached its conclusion.
~ Ofer
Ofer Shezaf
ofer@shezaf.com, +972-54-4431119
wasc-wafec mailing list
wasc-wafec@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org
hi Tony,
go for it!
I will not be able to put much time into it, but it would be great to put
some new life into this project
regards
Seba
Hi Tony,
Thanks for stepping in. I think it is great that someone stepped up to the task.
Team,
Since I asked the question 6 months ago and Tony is the first to volunteer, I think we should take him on his courageous offer. If anyone has any objection, this is the time to raise it. Otherwise I will work with the OWASP and WASC officers to officially change the leadership.
~ Ofer
From: Seba [mailto:seba@owasp.org]
Sent: Thursday, April 30, 2015 12:18 AM
To: Tony Turner; Ofer Shezaf
Cc: wasc-wafec@lists.webappsec.org
Subject: Re: [WASC-WAFEC] Selecting a new leader
hi Tony,
go for it!
I will not be able to put much time into it, but it would be great to put some new life into this project
regards
Seba
Open source is hard.... :)
Regards,
Robert Auger
On Wed, Apr 29, 2015 at 2:30 PM, Ofer Shezaf ofer@shezaf.com wrote:
Hi Tony,
Thanks for stepping in. I think it is great that someone stepped up to the
task.
Team,
Since I asked the question 6 months ago and Tony is the first to
volunteer, I think we should take him on his courageous offer. If anyone
has any objection, this is the time to raise it. Otherwise I will work with
the OWASP and WASC officers to officially change the leadership.
~ Ofer
On 29.04.2015 22:59, Tony Turner wrote:
Ofer, I'd hate to see this project die. I'd be happy to assist if you have
not had any offers.
...
Hi Tony,
thanks for giving that project a fresh breath. I'm still highly interested.
Cheers,
Achim
Good Luck Tony.
Looking forward.
Cheers,
Ido
-----Original Message-----
From: wasc-wafec [mailto:wasc-wafec-bounces@lists.webappsec.org] On Behalf Of Achim Hoffmann
Sent: Sunday, 03 May 2015 12:54
To: wasc-wafec@lists.webappsec.org
Subject: Re: [WASC-WAFEC] Selecting a new leader
On 29.04.2015 22:59, Tony Turner wrote:
Ofer, I'd hate to see this project die. I'd be happy to assist if you
have not had any offers.
...
Hi Tony,
thanks for giving that project a fresh breath. I'm still highly interested.
Cheers,
Achim
Tony,
On Thu, Apr 30, 2015 at 6:59 AM, Tony Turner tony@sentinel24.com wrote:
· Willing to write the bulk of the document (highly recommended). -
I'd be happy to take this on, but can't do it alone. I'd be happy to drive
this effort though.
I've made available the discussion for Sections 1 to 5 of WAFEC v1 at
https://github.com/cmlh/WAFEC so a good place to start might be
Section 6 onwards?
I'd recommend that the changes to the content of WAFEC v1 be
considered prior to the stalled uplift to
http://projects.webappsec.org/w/page/60249779/WAFEC_2_Outline since
you'll want to document the changes between v1 to v2?
--
Regards,
Christian Heinrich