contact@xxxxxxxxxxxxx wrote:
The Web Application Firewall Evaluation Criteria project is proud
to announce v1.0 of The Web Application Firewall Evaluation Criteria
(WAFEC), its first official release.
WAFEC is a result of a collaboration between web application
firewall vendors and independent security professionals to create a
comprehensive, vendor-neutral, web application firewall evaluation
criteria. The resulting framework can be used to evaluate and
and compare web application firewalls.
WAFEC v1.0 can be downloaded from the project home page:
http://www.webappsec.org/projects/wafec/
Having a good framework by which to judge these applications is very
cool as I had to do without quite a few times before. Thanks for
creating it.
It is my belief that *today's* web application firewalls are a waste of
money. Some people disagree and as I respect them, I will answer their
questions one by one.
This is pretty long, check out:
http://blogs.securiteam.com/index.php/archives/220
And the follow-up, answering questions and good arguments:
http://blogs.securiteam.com/?p=237
I'd appreciate any input.
Gadi.
