Ofer, On Wed, Jun 6, 2012 at 9:39 PM, Ofer Shezaf <ofer@shezaf.com> wrote: > · Approaching NSS, ICSA and the likes to use WAFEC I saw a mention of https://www.icsalabs.com/technology-program/web-application-firewalls/web-application-firewall-certification-criteria in the various media releases of vendors as part of the recently announced Gartner Magic Quadrant. I believe our approach should be similar to that ingesting the Gartner Magic Quadrant into WAFEC i.e. correlate what is missing from WAFEC according to ICSA and after due diligence incorporate it into the next release of WAFEC? Furthermore, NSS might adopt our approach and therefore increase our exposure. Your thoughts? -- Regards, Christian Heinrich http://cmlh.id.au/contact

We would certainly be willing to discuss incorporating WAFEC into our certification requirements. Brian Monkman Network Security Programs Manager ICSA Labs -----Original Message----- From: Christian Heinrich [christian.heinrich@cmlh.id.au<mailto:christian.heinrich@cmlh.id.au>] Sent: Friday, June 20, 2014 06:58 PM Eastern Standard Time To: Ofer Shezaf Cc: wasc-wafec@lists.webappsec.org Subject: Re: [WASC-WAFEC] ISCA WAF Certification Criteria Ofer, On Wed, Jun 6, 2012 at 9:39 PM, Ofer Shezaf <ofer@shezaf.com> wrote: > · Approaching NSS, ICSA and the likes to use WAFEC I saw a mention of https://www.icsalabs.com/technology-program/web-application-firewalls/web-application-firewall-certification-criteria in the various media releases of vendors as part of the recently announced Gartner Magic Quadrant. I believe our approach should be similar to that ingesting the Gartner Magic Quadrant into WAFEC i.e. correlate what is missing from WAFEC according to ICSA and after due diligence incorporate it into the next release of WAFEC? Furthermore, NSS might adopt our approach and therefore increase our exposure. Your thoughts? -- Regards, Christian Heinrich http://cmlh.id.au/contact _______________________________________________ wasc-wafec mailing list wasc-wafec@lists.webappsec.org http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org

Brian, Here is the draft timeline of tasks that I have just thought of off the top of my head so it is subject to change when I have a chance to reconsider it over next weekend (28 June onwards): 1. Review the remaining chapter of the WAFEC v1 2. Review ICSA WAF Certification Criteria and incorporate any missing content into WAFEC 3. Review Garnter MQ My thinking of the above is due the amount of time that it may take for the vendor(s) to make the Gartner MQ available to the public for free. I have no idea yet if ICSA make their content available to the public or not so please accept my apology in advance if I am wrong. I am strapped for time at the moment. Thanks for acknowledging ICSA's support for the next release of WAFEC too. On Sat, Jun 21, 2014 at 10:58 PM, Monkman, Brian <bmonkman@icsalabs.com> wrote: > We would certainly be willing to discuss incorporating WAFEC into our > certification requirements. > > Brian Monkman > Network Security Programs Manager > ICSA Labs > > > -----Original Message----- > From: Christian Heinrich [christian.heinrich@cmlh.id.au] > Sent: Friday, June 20, 2014 06:58 PM Eastern Standard Time > To: Ofer Shezaf > Cc: wasc-wafec@lists.webappsec.org > Subject: Re: [WASC-WAFEC] ISCA WAF Certification Criteria > > Ofer, > > On Wed, Jun 6, 2012 at 9:39 PM, Ofer Shezaf <ofer@shezaf.com> wrote: >> · Approaching NSS, ICSA and the likes to use WAFEC > > I saw a mention of > https://www.icsalabs.com/technology-program/web-application-firewalls/web-application-firewall-certification-criteria > in the various media releases of vendors as part of the recently > announced Gartner Magic Quadrant. > > I believe our approach should be similar to that ingesting the Gartner > Magic Quadrant into WAFEC i.e. correlate what is missing from WAFEC > according to ICSA and after due diligence incorporate it into the next > release of WAFEC? > > Furthermore, NSS might adopt our approach and therefore increase our > exposure. > > Your thoughts? > > > -- > Regards, > Christian Heinrich > > http://cmlh.id.au/contact > > _______________________________________________ > wasc-wafec mailing list > wasc-wafec@lists.webappsec.org > http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org -- Regards, Christian Heinrich http://cmlh.id.au/contact