[42407] in bugtraq
Re: Announcement: The Web Application Firewall Evaluation Criteria
daemon@ATHENA.MIT.EDU (Gadi Evron)
Tue Jan 24 21:48:32 2006
Message-ID: <43D329BD.6080108@linuxbox.org>
Date: Sun, 22 Jan 2006 08:44:13 +0200
From: Gadi Evron <ge@linuxbox.org>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
In-Reply-To: <20060115210524.39620.qmail@cgisecurity.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
contact@webappsec.org wrote:
> The Web Application Firewall Evaluation Criteria project is proud
> to announce v1.0 of The Web Application Firewall Evaluation Criteria
> (WAFEC), its first official release.
>
> WAFEC is a result of a collaboration between web application
> firewall vendors and independent security professionals to create a
> comprehensive, vendor-neutral, web application firewall evaluation
> criteria. The resulting framework can be used to evaluate and
> and compare web application firewalls.
>
> WAFEC v1.0 can be downloaded from the project home page:
>
> http://www.webappsec.org/projects/wafec/
Having a good framework by which to judge these applications is very
cool as I had to do without quite a few times before. Thanks for
creating it.
It is my belief that *today's* web application firewalls are a waste of
money. Some people disagree and as I respect them, I will answer their
questions one by one.
This is pretty long, check out:
http://blogs.securiteam.com/index.php/archives/220
And the follow-up, answering questions and good arguments:
http://blogs.securiteam.com/?p=237
I'd appreciate any input.
Gadi.
