Re: Announcement: The Web Application Firewall Evaluation Criteria v1 Released

[Gadi Evron <ge@xxxxxxxxxxxx>]

contact@xxxxxxxxxxxxx wrote:
> The Web Application Firewall Evaluation Criteria project is proud
> to announce v1.0 of The Web Application Firewall Evaluation Criteria
> (WAFEC), its first official release.
>
> WAFEC is a result of a collaboration between web application
> firewall vendors and independent security professionals to create a
> comprehensive, vendor-neutral, web application firewall evaluation
> criteria. The resulting framework can be used to evaluate and
> and compare web application firewalls.
>
> WAFEC v1.0 can be downloaded from the project home page:
>
>   http://www.webappsec.org/projects/wafec/

Having a good framework by which to judge these applications is very 
cool as I had to do without quite a few times before. Thanks for 
creating it.

It is my belief that *today's* web application firewalls are a waste of 
money. Some people disagree and as I respect them, I will answer their 
questions one by one.

This is pretty long, check out:
http://blogs.securiteam.com/index.php/archives/220

And the follow-up, answering questions and good arguments: 
http://blogs.securiteam.com/?p=237

I'd appreciate any input.

        Gadi.