WASC OWASP Web Application Firewall Evaluation Criteria Project

=Main= Web application firewalls (WAF) are a new breed of information security technology designed to protect web sites from attack. WAF solutions are capable of preventing attacks that network firewalls and intrusion detection systems can't, and they do not require modification of application source code. As today's web application attacks expand and their relative level of sophistication increases, it is vitally important to develop a standardized criteria for product evaluation. The Web Application Firewall Evaluation Criteria Project (WAFEC) serves two goals: On the one hand WAFEC helps users to understand what a WAF is and its role in protecting web sites and on the other hand WAFEC provides a tool for users to make an educated decision when selecting a WAF.

WAFEC is a joined project between The Web Application Security Consortium (WASC) and OWASP making sure the best minds in the industry, both those who work day and night to develop WAFs and those who implement and use them, are committed to ensure WAFEC is comprehensive, accurate and objective.

The first version of WAFEC was released in 2006 and is in wide use in the industry. We are now working on version 2 and plan to release it in the first half of 2013. If you want to join the contributors join the the mailing list and chime in when you feel ready. If you have any other question or idea, please contact WAFEC project leader [mailto:ofer@shezaf.com Ofer Shezaf].

=Project About=