| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <43D329BD.6080108@linuxbox.org> Date: Sun, 22 Jan 2006 08:44:13 +0200 From: Gadi Evron <ge@...uxbox.org> To: bugtraq@...urityfocus.com Subject: Re: Announcement: The Web Application Firewall Evaluation Criteria v1 Released contact@...appsec.org wrote: > The Web Application Firewall Evaluation Criteria project is proud > to announce v1.0 of The Web Application Firewall Evaluation Criteria > (WAFEC), its first official release. > > WAFEC is a result of a collaboration between web application > firewall vendors and independent security professionals to create a > comprehensive, vendor-neutral, web application firewall evaluation > criteria. The resulting framework can be used to evaluate and > and compare web application firewalls. > > WAFEC v1.0 can be downloaded from the project home page: > > http://www.webappsec.org/projects/wafec/ Having a good framework by which to judge these applications is very cool as I had to do without quite a few times before. Thanks for creating it. It is my belief that *today's* web application firewalls are a waste of money. Some people disagree and as I respect them, I will answer their questions one by one. This is pretty long, check out: http://blogs.securiteam.com/index.php/archives/220 And the follow-up, answering questions and good arguments: http://blogs.securiteam.com/?p=237 I'd appreciate any input. Gadi.
Powered by blists - more mailing lists