Firewall Wizards mailing list archives
Re: Announcement: The Web Application Firewall Evaluation Criteria v1 Released
From: ArkanoiD <ark () eltex net>
Date: Wed, 25 Jan 2006 14:17:58 +0300
nuqneH, Well, again, what we actually need is higher level inspecton toolkit to deal with protocols working over http. That makes the whole thing useful and we get the idea of firewall working again - now it does not. (this applies to traditional proxy firewalls as well as to w.a.f. as reverse proxy etc). Once we can work with the protocol, we can define a kind of policy on that layer. A good thing to start with is xml-based protocols, isn't it? Any known implementation or just work in progress? I'd like to do it myself but i'm afraid i do not have sufficient resources for now. I cc this to firewall-wizards mailing list, it may be of some interest there. On Sun, Jan 22, 2006 at 08:44:13AM +0200, Gadi Evron wrote:
contact () webappsec org wrote:The Web Application Firewall Evaluation Criteria project is proud to announce v1.0 of The Web Application Firewall Evaluation Criteria (WAFEC), its first official release. WAFEC is a result of a collaboration between web application firewall vendors and independent security professionals to create a comprehensive, vendor-neutral, web application firewall evaluation criteria. The resulting framework can be used to evaluate and and compare web application firewalls. WAFEC v1.0 can be downloaded from the project home page: http://www.webappsec.org/projects/wafec/Having a good framework by which to judge these applications is very cool as I had to do without quite a few times before. Thanks for creating it. It is my belief that *today's* web application firewalls are a waste of money. Some people disagree and as I respect them, I will answer their questions one by one. This is pretty long, check out: http://blogs.securiteam.com/index.php/archives/220 And the follow-up, answering questions and good arguments: http://blogs.securiteam.com/?p=237 I'd appreciate any input. Gadi.
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Announcement: The Web Application Firewall Evaluation Criteria v1 Released ArkanoiD (Jan 25)