<<< Date Index >>>     <<< Thread Index >>>

Re: Announcement: The Web Application Firewall Evaluation Criteria v1 Released



contact@xxxxxxxxxxxxx wrote:
The Web Application Firewall Evaluation Criteria project is proud
to announce v1.0 of The Web Application Firewall Evaluation Criteria
(WAFEC), its first official release.

WAFEC is a result of a collaboration between web application
firewall vendors and independent security professionals to create a
comprehensive, vendor-neutral, web application firewall evaluation
criteria. The resulting framework can be used to evaluate and
and compare web application firewalls.

WAFEC v1.0 can be downloaded from the project home page:

  http://www.webappsec.org/projects/wafec/

Having a good framework by which to judge these applications is very cool as I had to do without quite a few times before. Thanks for creating it.

It is my belief that *today's* web application firewalls are a waste of money. Some people disagree and as I respect them, I will answer their questions one by one.

This is pretty long, check out:
http://blogs.securiteam.com/index.php/archives/220

And the follow-up, answering questions and good arguments: http://blogs.securiteam.com/?p=237

I'd appreciate any input.

        Gadi.