WASC Web Application Firewall Evaluation Criteria Project Mailing List
View all threadsDear Sirs,
At first I would really like to thank you in the name of the WASC, Ivan Ristic and Ofer Shezaf for your assistance in the WAFEC V1 project. I think you have achieved a lot regarding standardization of Web Application Firewall attributes.
To give you an impression about my history I would like to introduce myself:
I am the CEO of a German IT Service company. I am a certified architect at Microsoft, as well as a CITA-P architect at the vendor independent organization IASA. My focus is on security in cloud or virtual environments as well as on high availability and non-stop systems.
I am working as a security and web-security consultant and researcher for enterprise companies; actually I have finished a WAF project for a German insurance. My biggest project was the world youth day 2005 regarding all aspects of information technology, but the biggest focus was on security and availability within that project.
In my role as the project leader of V2 of WAFEC I will offer you the chance to attend the ongoing process of evolving Web Application Firewall criteria. During this project I will be assisted by my brother Mirko, who will introduce himself in a following mail.
I have in mind to process the following topics in Version 2:
· Review of WAFEC v1 / experiences, leaks,..
· What should a WAF protect against (In terms of WASC Threat Classification).
· Taxonomy for cloud based integrations.
· Process integrations for Test/Stage/Productive environments.
· Should there be a "threat-defend" protocol between WAFs and Infrastructure components (if yes, this should result in a RFC) ?
I am really impressed how many people have subscribed the mailing list and I am really looking forward to work together and elaborate Version 2. I will specify the above items in more detail as well as the next steps and project logistics in my next mail. In the meantime I would really appreciate comments and/or additions from your perspective.
We would really appreciate if you would attend version 2 to guaranty the success and the value for users and consultants during their daily work.
Regards.
Thorsten Wujek
[cid:image001.jpg@01CBC381.FDF9DFC0]
Mit freundlichen Grüßen
STEIN-IT GmbH
Thorsten Wujek
technischer Geschäftsführer
technical CEO
MCT,MCA,MASE
Neckarstraße 4. 45768 Marl
Fon +49 23 65 . 92 44 - 31
Fax +49 23 65 . 92 44 - 44
www.stein-edv.dehttp://www.stein-edv.de/
www.sony-repair.dehttp://www.sony-repair.de/
Thorsten.Wujek@stein-edv.demailto:thorsten.wujek@stein-edv.de
Schon entdeckt? Die STEIN-IT-Homepage präsentiert sich in neuem Design >>http://www.stein-edv.de/
[cid:image002.jpg@01CBC381.FDF9DFC0]
Ust.-Idnr.: DE 814703466
Steuer-Nr.: 359 5786 0059
Amtsgericht Gelsenkirchen, HRB 8639
Sitz und Gerichtsstand Marl
Geschäftsführer:
Joachim Matzek, Thorsten Wujek
I was about to comment on the kick-off publicly (via Twitter), when I
noticed that the mailing list archive is not available to the public.
I propose that we open the archive to the world. Any objections?
On 03/02/2011 08:08, Wujek Thorsten [STEIN-IT GmbH] wrote:
Dear Sirs,
At first I would really like to thank you in the name of the WASC, Ivan
Ristic and Ofer Shezaf for your assistance in the WAFEC V1 project. I
think you have achieved a lot regarding standardization of Web
Application Firewall attributes.
To give you an impression about my history I would like to introduce myself:
I am the CEO of a German IT Service company. I am a certified architect
at Microsoft, as well as a CITA-P architect at the vendor independent
organization IASA. My focus is on security in cloud or virtual
environments as well as on high availability and non-stop systems.
I am working as a security and web-security consultant and researcher
for enterprise companies; actually I have finished a WAF project for a
German insurance. My biggest project was the world youth day 2005
regarding all aspects of information technology, but the biggest focus
was on security and availability within that project.
In my role as the project leader of V2 of WAFEC I will offer you the
chance to attend the ongoing process of evolving Web Application
Firewall criteria. During this project I will be assisted by my brother
Mirko, who will introduce himself in a following mail.
I have in mind to process the following topics in Version 2:
· Review of WAFEC v1 / experiences, leaks,..
· What should a WAF protect against (In terms of WASC Threat
Classification).
· Taxonomy for cloud based integrations.
· Process integrations for Test/Stage/Productive environments.
· Should there be a “threat-defend” protocol between WAFs and
Infrastructure components (if yes, this should result in a RFC) ?
I am really impressed how many people have subscribed the mailing list
and I am really looking forward to work together and elaborate Version
2. I will specify the above items in more detail as well as the next
steps and project logistics in my next mail. In the meantime I would
really appreciate comments and/or additions from your perspective.
We would really appreciate if you would attend version 2 to guaranty the
success and the value for users and consultants during their daily work.
Regards.
Thorsten Wujek
Beschreibung: cid:image001.jpg@01C9F971.D8434E00
Mit freundlichen Grüßen
STEIN-IT GmbH
Thorsten Wujek
technischer Geschäftsführer
technical CEO
MCT,MCA,MASE**
Neckarstraße 4. 45768 Marl
Fon +49 23 65 . 92 44 - 31
Fax +49 23 65 . 92 44 - 44
www.stein-edv.de http://www.stein-edv.de/
www.sony-repair.de http://www.sony-repair.de/
Thorsten.Wujek@stein-edv.de mailto:thorsten.wujek@stein-edv.de
*Schon entdeckt?*Die STEIN-IT-Homepage präsentiert sich in neuem Design
Beschreibung: stein_banner_2010.jpg
Ust.-Idnr.: DE 814703466
Steuer-Nr.: 359 5786 0059
Amtsgericht Gelsenkirchen, HRB 8639
Sitz und Gerichtsstand Marl
Geschäftsführer:
Joachim Matzek, Thorsten Wujek
wasc-wafec mailing list
wasc-wafec@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org
--
Ivan Ristić
Done.
On Thu, Feb 03, 2011 at 09:16:47AM +0000, Ivan Ristic wrote:
I was about to comment on the kick-off publicly (via Twitter), when I
noticed that the mailing list archive is not available to the public.
I propose that we open the archive to the world. Any objections?
On 03/02/2011 08:08, Wujek Thorsten [STEIN-IT GmbH] wrote:
Dear Sirs,
At first I would really like to thank you in the name of the WASC, Ivan
Ristic and Ofer Shezaf for your assistance in the WAFEC V1 project. I
think you have achieved a lot regarding standardization of Web
Application Firewall attributes.
To give you an impression about my history I would like to introduce myself:
I am the CEO of a German IT Service company. I am a certified architect
at Microsoft, as well as a CITA-P architect at the vendor independent
organization IASA. My focus is on security in cloud or virtual
environments as well as on high availability and non-stop systems.
I am working as a security and web-security consultant and researcher
for enterprise companies; actually I have finished a WAF project for a
German insurance. My biggest project was the world youth day 2005
regarding all aspects of information technology, but the biggest focus
was on security and availability within that project.
In my role as the project leader of V2 of WAFEC I will offer you the
chance to attend the ongoing process of evolving Web Application
Firewall criteria. During this project I will be assisted by my brother
Mirko, who will introduce himself in a following mail.
I have in mind to process the following topics in Version 2:
?? Review of WAFEC v1 / experiences, leaks,..
?? What should a WAF protect against (In terms of WASC Threat
Classification).
?? Taxonomy for cloud based integrations.
?? Process integrations for Test/Stage/Productive environments.
?? Should there be a ???threat-defend??? protocol between WAFs and
Infrastructure components (if yes, this should result in a RFC) ?
I am really impressed how many people have subscribed the mailing list
and I am really looking forward to work together and elaborate Version
2. I will specify the above items in more detail as well as the next
steps and project logistics in my next mail. In the meantime I would
really appreciate comments and/or additions from your perspective.
We would really appreciate if you would attend version 2 to guaranty the
success and the value for users and consultants during their daily work.
Regards.
Thorsten Wujek
Beschreibung: cid:image001.jpg@01C9F971.D8434E00
Mit freundlichen Gr????en
STEIN-IT GmbH
Thorsten Wujek
technischer Gesch??ftsf??hrer
technical CEO
MCT,MCA,MASE**
Neckarstra??e 4. 45768 Marl
Fon +49 23 65 . 92 44 - 31
Fax +49 23 65 . 92 44 - 44
www.stein-edv.de http://www.stein-edv.de/
www.sony-repair.de http://www.sony-repair.de/
Thorsten.Wujek@stein-edv.de mailto:thorsten.wujek@stein-edv.de
*Schon entdeckt?*Die STEIN-IT-Homepage pr??sentiert sich in neuem Design
Beschreibung: stein_banner_2010.jpg
Ust.-Idnr.: DE 814703466
Steuer-Nr.: 359 5786 0059
Amtsgericht Gelsenkirchen, HRB 8639
Sitz und Gerichtsstand Marl
Gesch??ftsf??hrer:
Joachim Matzek, Thorsten Wujek
wasc-wafec mailing list
wasc-wafec@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org
--
Ivan Risti??
wasc-wafec mailing list
wasc-wafec@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org