Firewall Wizards mailing list archives

Re: Announcement: The Web Application Firewall Evaluation Criteria v1 Released


From: ArkanoiD <ark () eltex net>
Date: Wed, 25 Jan 2006 14:17:58 +0300

nuqneH,

Well, again, what we actually need is a higher-level inspection toolkit
to deal with protocols working over HTTP. That makes the whole thing useful
and we get the idea of a firewall working again - now it does not.
(This applies to traditional proxy firewalls as well as to w.a.f. as reverse
proxy etc.) Once we can work with the protocol, we can define a kind of
policy on that layer.

A good thing to start with is XML-based protocols, isn't it?
Any known implementation or just work in progress? I'd like to do it
myself but I'm afraid I do not have sufficient resources for now.

I cc this to firewall-wizards mailing list, it may be of some interest
there.

On Sun, Jan 22, 2006 at 08:44:13AM +0200, Gadi Evron wrote:
> contact () webappsec org wrote:
>> The Web Application Firewall Evaluation Criteria project is proud
>> to announce v1.0 of The Web Application Firewall Evaluation Criteria
>> (WAFEC), its first official release.
>>
>> WAFEC is a result of a collaboration between web application
>> firewall vendors and independent security professionals to create a
>> comprehensive, vendor-neutral, web application firewall evaluation
>> criteria. The resulting framework can be used to evaluate
>> and compare web application firewalls.
>>
>> WAFEC v1.0 can be downloaded from the project home page:
>>
>>  http://www.webappsec.org/projects/wafec/
>
> Having a good framework by which to judge these applications is very
> cool as I had to do without quite a few times before. Thanks for
> creating it.
>
> It is my belief that *today's* web application firewalls are a waste of
> money. Some people disagree and as I respect them, I will answer their
> questions one by one.
>
> This is pretty long, check out:
> http://blogs.securiteam.com/index.php/archives/220
>
> And the follow-up, answering questions and good arguments:
> http://blogs.securiteam.com/?p=237
>
> I'd appreciate any input.
>
>       Gadi.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards