WASC Web Application Firewall Evaluation Criteria Project Mailing List
View all threadsOfer,
Just a reminder below are the comments that I made in March/April 2011 in
relation to Sections 1-4 of WAFEC v1:
http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2011-March/000055.html
2.
http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2011-March/000054.html
3.
http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2011-April/000060.html
4.
http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2011-April/000061.html
I am willing to be assigned as the reviewer for the corresponding
section(s) of WAFEC v2 to ensure that these are integrated into the
deliverable?
I also have some availability from 24-31 December so if the respective
authors could deliver these sections of WAFEC v2 first (i.e. prior to 31
December) then I can commence their review earlier. If this is not
possible then this is no problem either.
On Mon, Dec 10, 2012 at 11:55 PM, Ofer Shezaf ofer@shezaf.com wrote:
Hi All,****
As the target date for submitting a draft for the different sections is
getting near (Dec 31st!), I would like to touch on few points regarding
process****
First, I will take the chapters no one volunteered for.****
Formats, submission and reviews:****
· Contributors:
o Each contributor can select whatever format they wish to write
in, as long as they can share with the list in a format that everyone can
read and that I can aggregate later on. HTML would be best. If you use a
Word, share with the list in PDF and send me the word file for
consolidation once the time comes.
o You can either use the WAFEC Wiki to upload the files (I can
assist) or store wherever you want (for example OWASP wiki). Send only
links to the list.
· Reviewers:
o Please send your comments publicly to the list. I think the
discussion should be public.
· When the final drafts are in, I will consolidate the
documents to ensure consistent formatting.
Schedule:****
· Dec 31st - 1st draft
· Jan 22nd – review period
· Jan 31st – final draft incorporating review.
**· *Feb 25th – RSA – I would like to shoot for actually
releasing for RSA. Let’s make final decision once the 1st drafts are out.
As a reminder, this is the list of contributors:****
- Introduction - *Ofer Shezaf* ****
- What is a WAF? - *Achim Hoffmann*****
- Security - threats and mitigation - *Ryan Barnett*****
- Security - protection techniques - *Ryan Barnett*****
- Environment suitability (Deployment Options) - *Mark Kraynak* ****
- Supporting functionality - management, reporting and analytic,
security* - Ofer Shezaf*****
- Supporting functionality - Performance, reliability, physical
characteristics* - Ofer Shezaf*****
- Supporting functionality - integration* - Ofer Shezaf*****
- Appendix - Integrated Related Features - *Erwin Huber*****
- Appendix - none technical criteria - *Erwin Huber*****
- Appendix - alternative solutions - *Ofer Shezaf*****
~ Ofer****
Ofer Shezaf****
[+972-54-4431119; ofer@shezaf.com, www.shezaf.com]****
wasc-wafec mailing list
wasc-wafec@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org
--
Regards,
Christian Heinrich
Hi Christian,
Sorry for the late reply. All sections will be published for everyone for
review (I may regret that as it might mean no one will really review.). This
would enable you to review the relevant sections. As to publishing earlier..
I set up condensed timeframe as it is.
Thanks!
~ Ofer
From: Christian Heinrich [mailto:christian.heinrich@cmlh.id.au]
Sent: Tuesday, December 11, 2012 3:34 AM
To: Ofer Shezaf
Cc: wasc-wafec@lists.webappsec.org
Subject: Reviewer of Corresponding Sections 1-4 of v1
Ofer,
Just a reminder below are the comments that I made in March/April 2011 in
relation to Sections 1-4 of WAFEC v1:
http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2011-Mar
ch/000055.html
2.
http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2011-Mar
ch/000054.html
http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2011-Apr
il/000060.html
http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2011-Apr
il/000061.html
I am willing to be assigned as the reviewer for the corresponding section(s)
of WAFEC v2 to ensure that these are integrated into the deliverable?
I also have some availability from 24-31 December so if the respective
authors could deliver these sections of WAFEC v2 first (i.e. prior to 31
December) then I can commence their review earlier. If this is not possible
then this is no problem either.
On Mon, Dec 10, 2012 at 11:55 PM, Ofer Shezaf <ofer@shezaf.com
mailto:ofer@shezaf.com > wrote:
Hi All,
As the target date for submitting a draft for the different sections is
getting near (Dec 31st!), I would like to touch on few points regarding
process
First, I will take the chapters no one volunteered for.
Formats, submission and reviews:
Contributors:
o Each contributor can select whatever format they wish to write in, as
long as they can share with the list in a format that everyone can read and
that I can aggregate later on. HTML would be best. If you use a Word, share
with the list in PDF and send me the word file for consolidation once the
time comes.
o You can either use the WAFEC Wiki to upload the files (I can assist) or
store wherever you want (for example OWASP wiki). Send only links to the
list.
Reviewers:
o Please send your comments publicly to the list. I think the discussion
should be public.
When the final drafts are in, I will consolidate the documents to
ensure consistent formatting.
Schedule:
Dec 31st - 1st draft
Jan 22nd - review period
Jan 31st - final draft incorporating review.
Feb 25th - RSA - I would like to shoot for actually releasing for
RSA. Let's make final decision once the 1st drafts are out.
As a reminder, this is the list of contributors:
~ Ofer
Ofer Shezaf
[+972-54-4431119 tel:%5B%2B972-54-4431119 ; ofer@shezaf.com
mailto:ofer@shezaf.com , www.shezaf.com http://www.shezaf.com ]
wasc-wafec mailing list
wasc-wafec@lists.webappsec.org mailto:wasc-wafec@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org
--
Regards,
Christian Heinrich
Ofer,
No problem, should I just contact and co-contribute with those listed
on 10 December then i.e.
http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2012-December/000192.html?
Also, has the ToC for v2 been mapped to v1 yet (based on the
correspondence from 10 December i.e.
http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2012-December/000192.html)?
If not I am willing to work on this in the interim too?
On Fri, Dec 21, 2012 at 7:51 AM, Ofer Shezaf ofer@shezaf.com wrote:
Sorry for the late reply. All sections will be published for everyone for
review (I may regret that as it might mean no one will really review…). This
would enable you to review the relevant sections. As to publishing earlier….
I set up condensed timeframe as it is.
--
Regards,
Christian Heinrich