wasc-wafec@lists.webappsec.org

WASC Web Application Firewall Evaluation Criteria Project Mailing List

Re: [WASC-WAFEC] AWS WAF

Tony Turner
Thu, Oct 8, 2015 12:16 PM

I'm curious about slide 73 listing Imperva as a partner (as well as Trend
Micro and Alert Logic). Does that mean it's Incapsula or SecureSphere
providing WAF services? What's Imperva's role in the AWS WAF service?

On Thu, Oct 8, 2015 at 12:50 AM, Christian Folini <
christian.folini@netnea.com> wrote:

Hi there,

On Thu, Oct 08, 2015 at 03:23:59PM +1100, Christian Heinrich wrote:

http://www.slideshare.net/AmazonWebServices/sec323-new-securing-web-applications-with-aws-waf
are the slides of the WAF Product from Amazon Web Services:

Has anybody used this? It says it is easy to integrate, but the slides
make it look awful to handle false positives.

I like the "pay by the number of rules you use" approach though.
That's a business model!

Ahoj,

Christian Folini

--
For my part I believe in the forgiveness of sin and the redemption of
ignorance.
-- Adlai Stevenson

--
Tony Turner
OWASP Orlando Chapter Founder/Co-Leader
WAFEC Project Leader
STING Game Project Leader
tony.turner@owasp.org
https://www.owasp.org/index.php/Orlando

Mark Kraynak
Thu, Oct 8, 2015 2:19 PM

At the risk of being too commercial, I’m attaching a link to the Imperva blog where we announced our intention to offer IP reputation as a service for AWS WAF.  I think there is opportunity in the long term to do more, but for now the integration is focused on IP reputation.  If anyone would like to get more information, I’d be happy to discuss offline.

http://blog.imperva.com/2015/10/imperva-threatradar-for-aws-waf.html

From: wasc-wafec [mailto:wasc-wafec-bounces@lists.webappsec.org] On Behalf Of Tony Turner
Sent: Thursday, October 08, 2015 5:16 AM
To: Christian Folini
Cc: wasc-wafec@lists.webappsec.org
Subject: Re: [WASC-WAFEC] AWS WAF

I'm curious about slide 73 listing Imperva as a partner (as well as Trend Micro and Alert Logic). Does that mean it's Incapsula or SecureSphere providing WAF services? What's Imperva's role in the AWS WAF service?

On Thu, Oct 8, 2015 at 12:50 AM, Christian Folini <christian.folini@netnea.com> wrote:
Hi there,

On Thu, Oct 08, 2015 at 03:23:59PM +1100, Christian Heinrich wrote:

Has anybody used this? It says it is easy to integrate, but the slides
make it look awful to handle false positives.

I like the "pay by the number of rules you use" approach though.
That's a business model!

Ahoj,

Christian Folini

--
For my part I believe in the forgiveness of sin and the redemption of
ignorance.
-- Adlai Stevenson

--
Tony Turner
OWASP Orlando Chapter Founder/Co-Leader
WAFEC Project Leader
STING Game Project Leader
tony.turner@owasp.org
https://www.owasp.org/index.php/Orlando

Tony Turner
Thu, Oct 8, 2015 3:05 PM

Thanks Mark. That's helpful. I did ask specifically what the relationship
with Imperva was.

For anyone following this thread, in the next version of WAFEC we intend to
call out IP Reputation and associated threat feed capabilities as an
extrinsic criterion that will only be used for evaluation if that is a
capability specified by the evaluator. Currently this is not considered a
core, or intrinsic, criterion for WAF evaluation.

On Thu, Oct 8, 2015 at 10:19 AM, Mark Kraynak <mark@imperva.com> wrote:

At the risk of being too commercial, I’m attaching a link to the Imperva
blog where we announced our intention to offer IP reputation as a service
for AWS WAF.  I think there is opportunity in the long term to do more, but
for now the integration is focused on IP reputation.  If anyone would like
to get more information, I’d be happy to discuss offline.

http://blog.imperva.com/2015/10/imperva-threatradar-for-aws-waf.html

From: wasc-wafec [mailto:wasc-wafec-bounces@lists.webappsec.org] On Behalf Of Tony Turner
Sent: Thursday, October 08, 2015 5:16 AM
To: Christian Folini
Cc: wasc-wafec@lists.webappsec.org
Subject: Re: [WASC-WAFEC] AWS WAF

I'm curious about slide 73 listing Imperva as a partner (as well as Trend
Micro and Alert Logic). Does that mean it's Incapsula or SecureSphere
providing WAF services? What's Imperva's role in the AWS WAF service?

On Thu, Oct 8, 2015 at 12:50 AM, Christian Folini <
christian.folini@netnea.com> wrote:

Hi there,

On Thu, Oct 08, 2015 at 03:23:59PM +1100, Christian Heinrich wrote:

http://www.slideshare.net/AmazonWebServices/sec323-new-securing-web-applications-with-aws-waf
are the slides of the WAF Product from Amazon Web Services:

Has anybody used this? It says it is easy to integrate, but the slides
make it look awful to handle false positives.

I like the "pay by the number of rules you use" approach though.
That's a business model!

Ahoj,

Christian Folini

--
For my part I believe in the forgiveness of sin and the redemption of
ignorance.
-- Adlai Stevenson

--

Tony Turner
OWASP Orlando Chapter Founder/Co-Leader

WAFEC Project Leader

STING Game Project Leader
tony.turner@owasp.org

https://www.owasp.org/index.php/Orlando

--
Tony Turner
OWASP Orlando Chapter Founder/Co-Leader
WAFEC Project Leader
STING Game Project Leader
tony.turner@owasp.org
https://www.owasp.org/index.php/Orlando
