wasc-wafec@lists.webappsec.org

WASC Web Application Firewall Evaluation Criteria Project Mailing List

Kick-Off WAFEC v2

Wujek Thorsten [STEIN-IT GmbH]
Thu, Feb 3, 2011 8:08 AM

Dear Sirs,

At first I would really like to thank you in the name of the WASC, Ivan Ristic and Ofer Shezaf for your assistance in the WAFEC V1 project. I think you have achieved a lot regarding standardization of Web Application Firewall attributes.
To give you an impression about my history I would like to introduce myself:

I am the CEO of a German IT Service company. I am a certified architect at Microsoft, as well as a CITA-P architect at the vendor-independent organization IASA. My focus is on security in cloud or virtual environments as well as on high availability and non-stop systems.
I am working as a security and web-security consultant and researcher for enterprise companies; actually I have finished a WAF project for a German insurance. My biggest project was the World Youth Day 2005 regarding all aspects of information technology, but the biggest focus was on security and availability within that project.
In my role as the project leader of V2 of WAFEC I will offer you the chance to attend the ongoing process of evolving Web Application Firewall criteria. During this project I will be assisted by my brother Mirko, who will introduce himself in a following mail.
I have in mind to process the following topics in Version 2:

· Review of WAFEC v1 / experiences, leaks,..
· What should a WAF protect against (in terms of WASC Threat Classification).
· Taxonomy for cloud-based integrations.
· Process integrations for Test/Stage/Productive environments.
· Should there be a "threat-defend" protocol between WAFs and infrastructure components (if yes, this should result in an RFC)?

I am really impressed how many people have subscribed to the mailing list and I am really looking forward to working together and elaborating Version 2. I will specify the above items in more detail as well as the next steps and project logistics in my next mail. In the meantime I would really appreciate comments and/or additions from your perspective.

We would really appreciate it if you would attend version 2 to guarantee the success and the value for users and consultants during their daily work.

Regards.

Thorsten Wujek

With kind regards
STEIN-IT GmbH
Thorsten Wujek
Technical Managing Director
technical CEO

MCT, MCA, MASE

Neckarstraße 4. 45768 Marl
Phone +49 23 65 . 92 44 - 31
Fax +49 23 65 . 92 44 - 44

www.stein-edv.de <http://www.stein-edv.de/>
www.sony-repair.de <http://www.sony-repair.de/>
Thorsten.Wujek@stein-edv.de <mailto:thorsten.wujek@stein-edv.de>

Already discovered? The STEIN-IT homepage presents itself in a new design >> http://www.stein-edv.de/

VAT ID no.: DE 814703466
Tax no.: 359 5786 0059

Amtsgericht Gelsenkirchen, HRB 8639
Registered office and place of jurisdiction: Marl

Managing directors:
Joachim Matzek, Thorsten Wujek

Ivan Ristic
Thu, Feb 3, 2011 9:16 AM

I was about to comment on the kick-off publicly (via Twitter), when I
noticed that the mailing list archive is not available to the public.

I propose that we open the archive to the world. Any objections?

--
Ivan Ristić

Robert A.
Thu, Feb 3, 2011 6:10 PM

Done.
