WASC Web Application Firewall Evaluation Criteria Project Mailing List
1.2.1
Just a typo...
Different WAFs cam mitigate the same
To
Different WAFs can mitigate the same
2.1.1 How does a WAF work (technical)
I miss the relationship/differentiation between WAF and IDS/IPS in the
definition.
While they are clearly distinct, they operate in a very similar way,
but with a different focus/view/target of traffic. IDS/IPS match
rules/behavior in packets or streams, watching the full protocol
spectrum of a network. WAFs, on their side, watch a web application (not
only a packet), interpreting HTTP protocols, validating/analyzing web
services requests (SOAP/RESTful), doing this even in encrypted
traffic with SSL, and they can correlate the request and response.
2.1.2 Why the name WAF (historical)
In "Today there are more names, like...Next Generation Firewall":
I don't see the "Next Generation Firewall" associated with WAF in the
market/literature. Some NGF vendors indeed make a clear
differentiation between their products and WAFs. Considering they
are both current terms, I think it is better for WAFEC2 not to correlate
the two.
I'll send other comments for the next topics later.
Best Regards,
Klaubert Herr
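An added illustration of the distinction drawn above (example code written for this page, not from the thread or from WAFEC): the same HTTP request, arriving as two TCP segments, is checked segment by segment with a byte regex and then by an HTTP-aware parser that reassembles the stream, URL-decodes the parameters, validates them against a per-parameter policy and ties the response back to the request that caused it. The segment contents, the policy and the response are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: one HTTP request that arrives as two TCP segments,
# plus the server's response to it. All values are invented for the example.
SEGMENTS = [
    b"GET /account?id=12%20abc&view=summ",
    b"ary HTTP/1.1\r\nHost: shop.example\r\n\r\n",
]
RESPONSE = (500, b"Internal Server Error: NumberFormatException in AccountDAO")

# Positive-security policy a WAF enforces per parameter: name -> allowed pattern.
PARAM_POLICY = {"id": r"^\d+$", "view": r"^(summary|detail)$"}

def segment_match(segments, pattern):
    """Packet-oriented check: a regex applied to each segment on its own.
    It never sees the whole request, so a value split across segments
    ('view=summ' + 'ary') cannot be validated, and 'id=12%20abc' is only
    visible in its encoded form, where 'id=\\d+' still looks numeric."""
    return [bool(re.search(pattern, seg)) for seg in segments]

def parse_request(segments):
    """Reassemble the stream and interpret it as HTTP: request line,
    headers and URL-decoded query parameters (parse_qs decodes once)."""
    raw = b"".join(segments).decode("ascii")
    request_line, _, rest = raw.partition("\r\n")
    method, target, _version = request_line.split(" ")
    headers = dict(h.split(": ", 1) for h in rest.split("\r\n") if ": " in h)
    url = urlsplit(target)
    return {"method": method, "path": url.path, "headers": headers,
            "params": parse_qs(url.query)}

def waf_evaluate(segments, response):
    """Validate the decoded parameters against the policy and correlate the
    request with its response. Returns the list of findings."""
    req = parse_request(segments)
    findings = []
    for name, values in req["params"].items():
        rule = PARAM_POLICY.get(name)
        for value in values:
            if rule is None or not re.match(rule, value):
                findings.append(("invalid_param", name, value))
    status, body = response
    if status >= 500 and b"Exception" in body:
        # Response-side evidence recorded against the request that triggered it.
        findings.append(("error_leak", req["path"], status))
    return findings
```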
Hi Klaubert Herr and Achim,
I think that Klaubert Herr makes an important point in both the remark about
IPS and Next Gen FW. An important goal of WAFEC is to make the distinction
between WAFs and other security systems. IPS and NG-FW are certainly
different than WAFs in both goals (the important part) and methodology (less
important but still worth noting).
Of special importance is the difference between WAFs and IPSs as too many of
the latter present themselves as WAFs for PCI purposes. Klaubert Herr
provides an interesting take on the difference, and while I mostly agree,
details are of importance. For example, is correlating inbound and outbound
(traffic? Events?) mandatory for a WAF?
To that end, I agree with Klaubert Herr that those questions must be
answered in chapter 2.
~ Ofer
-----Original Message-----
From: wasc-wafec [mailto:wasc-wafec-bounces@lists.webappsec.org] On Behalf
Of Klaubert Herr da Silveira
Sent: Tuesday, January 22, 2013 1:06 AM
To: wasc-wafec@lists.webappsec.org
Subject: [WASC-WAFEC] WAFEC 2.0 Comments chapters 1 and 2
wasc-wafec mailing list
wasc-wafec@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org
Hi Ofer, Klaubert,
I'm currently doing a rewrite of my first version. It will include
all your suggestions. Hope to get it ready at the end of the week ...
Achim
On 28.01.2013 21:59, Ofer Shezaf wrote: