wasc-wafec@lists.webappsec.org

WASC Web Application Firewall Evaluation Criteria Project Mailing List


Reviewer of Corresponding Sections 1-4 of v1

Christian Heinrich
Tue, Dec 11, 2012 1:33 AM

Ofer,

Just a reminder below are the comments that I made in March/April 2011 in
relation to Sections 1-4 of WAFEC v1:

1. http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2011-March/000055.html
2. http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2011-March/000054.html
3. http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2011-April/000060.html
4. http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2011-April/000061.html

I am willing to be assigned as the reviewer for the corresponding
section(s) of WAFEC v2 to ensure that these are integrated into the
deliverable?

I also have some availability from 24-31 December so if the respective
authors could deliver these sections of WAFEC v2 first (i.e. prior to 31
December) then I can commence their review earlier.  If this is not
possible then this is no problem either.

On Mon, Dec 10, 2012 at 11:55 PM, Ofer Shezaf <ofer@shezaf.com> wrote:

Hi All,

As the target date for submitting a draft for the different sections is
getting near (Dec 31st!), I would like to touch on few points regarding
process

First, I will take the chapters no one volunteered for.

Formats, submission and reviews:

·        Contributors:

Each contributor can select whatever format they wish to write
in, as long as they can share with the list in a format that everyone can
read and that I can aggregate later on. HTML would  be best. If you use a
Word, share with the list in PDF and send me the word file for
consolidation once the time comes.

You can either use the WAFEC Wiki to upload the files (I can
assist) or store wherever you want (for example OWASP wiki). Send only
links to the list.

·        Reviewers:

Please send your comments publicly to the list. I think the
discussion should be public.

·        When the final drafts are in, I will consolidate the
documents to ensure consistent formatting.


Schedule:

·        Dec 31st - 1st draft

·        Jan 22nd – review period

·        Jan 31st – final draft incorporating review.

·        Feb 25th – RSA – I would like to shoot for actually
releasing for RSA. Let’s make final decision once the 1st drafts are out.

As a reminder, this is the list of contributors:

- Introduction - *Ofer Shezaf*
- What is a WAF? - *Achim Hoffmann*
- Security - threats and mitigation - *Ryan Barnett*
- Security - protection techniques - *Ryan Barnett*
- Environment suitability (Deployment Options) - *Mark Kraynak*
- Supporting functionality - management, reporting and analytic,
  security - *Ofer Shezaf*
- Supporting functionality - Performance, reliability, physical
  characteristics - *Ofer Shezaf*
- Supporting functionality - integration - *Ofer Shezaf*
- Appendix - Integrated Related Features - *Erwin Huber*
- Appendix - none technical criteria - *Erwin Huber*
- Appendix - alternative solutions - *Ofer Shezaf*

~ Ofer

Ofer Shezaf

[+972-54-4431119; ofer@shezaf.com, www.shezaf.com]



wasc-wafec mailing list
wasc-wafec@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org

--
Regards,
Christian Heinrich

http://cmlh.id.au/contact

Ofer Shezaf
Thu, Dec 20, 2012 8:51 PM

Hi Christian,

Sorry for the late reply. All sections will be published for everyone for
review (I may regret that as it might mean no one will really review…). This
would enable you to review the relevant sections. As to publishing earlier….
I set up condensed timeframe as it is.

Thanks!

~ Ofer

From: Christian Heinrich [mailto:christian.heinrich@cmlh.id.au]
Sent: Tuesday, December 11, 2012 3:34 AM
To: Ofer Shezaf
Cc: wasc-wafec@lists.webappsec.org
Subject: Reviewer of Corresponding Sections 1-4 of v1

Ofer,

Just a reminder below are the comments that I made in March/April 2011 in
relation to Sections 1-4 of WAFEC v1:

1. http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2011-March/000055.html
2. http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2011-March/000054.html
3. http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2011-April/000060.html
4. http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2011-April/000061.html

I am willing to be assigned as the reviewer for the corresponding section(s)
of WAFEC v2 to ensure that these are integrated into the deliverable?

I also have some availability from 24-31 December so if the respective
authors could deliver these sections of WAFEC v2 first (i.e. prior to 31
December) then I can commence their review earlier.  If this is not possible
then this is no problem either.

On Mon, Dec 10, 2012 at 11:55 PM, Ofer Shezaf <ofer@shezaf.com> wrote:

Hi All,

As the target date for submitting a draft for the different sections is
getting near (Dec 31st!), I would like to touch on few points regarding
process

First, I will take the chapters no one volunteered for.

Formats, submission and reviews:

  •  Contributors:

     o  Each contributor can select whatever format they wish to write in, as
        long as they can share with the list in a format that everyone can read and
        that I can aggregate later on. HTML would be best. If you use a Word, share
        with the list in PDF and send me the word file for consolidation once the
        time comes.

     o  You can either use the WAFEC Wiki to upload the files (I can assist) or
        store wherever you want (for example OWASP wiki). Send only links to the
        list.

  •  Reviewers:

     o  Please send your comments publicly to the list. I think the discussion
        should be public.

  •  When the final drafts are in, I will consolidate the documents to
     ensure consistent formatting.

Schedule:

  •  Dec 31st - 1st draft
  •  Jan 22nd - review period
  •  Jan 31st - final draft incorporating review.
  •  Feb 25th - RSA - I would like to shoot for actually releasing for
     RSA. Let's make final decision once the 1st drafts are out.

As a reminder, this is the list of contributors:

  • Introduction - Ofer Shezaf
  • What is a WAF? - Achim Hoffmann
  • Security - threats and mitigation - Ryan Barnett
  • Security - protection techniques - Ryan Barnett
  • Environment suitability (Deployment Options) - Mark Kraynak
  • Supporting functionality - management, reporting and analytic,
    security - Ofer Shezaf
  • Supporting functionality -  Performance, reliability, physical
    characteristics - Ofer Shezaf
  • Supporting functionality - integration - Ofer Shezaf
  • Appendix - Integrated Related Features - Erwin Huber
  • Appendix - none technical criteria  - Erwin Huber
  • Appendix - alternative solutions - Ofer Shezaf

~ Ofer

Ofer Shezaf

[+972-54-4431119; ofer@shezaf.com, www.shezaf.com]


wasc-wafec mailing list
wasc-wafec@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org

--
Regards,
Christian Heinrich

http://cmlh.id.au/contact

Christian Heinrich
Thu, Dec 20, 2012 11:35 PM

Ofer,

No problem, should I just contact and co-contribute with those listed
on 10 December then i.e.
http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2012-December/000192.html?

Also, has the ToC for v2 been mapped to v1 yet (based on the
correspondence from 10 December i.e.
http://lists.webappsec.org/pipermail/wasc-wafec_lists.webappsec.org/2012-December/000192.html)?
If not I am willing to work on this in the interim too?

On Fri, Dec 21, 2012 at 7:51 AM, Ofer Shezaf <ofer@shezaf.com> wrote:

Sorry for the late reply. All sections will be published for everyone for
review (I may regret that as it might mean no one will really review…). This
would enable you to review the relevant sections. As to publishing earlier….
I set up condensed timeframe as it is.

--
Regards,
Christian Heinrich

http://cmlh.id.au/contact
