Difference between revisions of "WASC OWASP Web Application Firewall Evaluation Criteria Project"

From OWASP
Jump to: navigation, search
(Main)
 
(One intermediate revision by one user not shown)
Line 1: Line 1:
 
=Main=
 
=Main=
Web application firewalls (WAF) are a new breed of information security technology designed to protect web sites from attack. WAF solutions are capable of preventing attacks that network firewalls and intrusion detection systems can't, and they do not require modification of application source code.
 
 
As today's web application attacks expand and their relative level of sophistication increases, it is vitally important to develop a standardized criteria for product evaluation. [http://projects.webappsec.org/w/page/13246985/Web%20Application%20Firewall%20Evaluation%20Criteria The Web Application Firewall Evaluation Criteria Project (WAFEC)] serves two goals: On the one hand WAFEC helps users to understand what a WAF is and its role in protecting web sites and on the other hand WAFEC provides a tool for users to make an educated decision when selecting a WAF.
 
  
 +
'''You can find the main project page [http://projects.webappsec.org/w/page/13246985/Web%20Application%20Firewall%20Evaluation%20Criteria here]'''
 +
 +
Web application firewalls (WAF) are an evolving information security technology designed to protect web sites from attack. WAF solutions are capable of preventing attacks that network firewalls and intrusion detection systems can't, and they do not require modification of application source code.
 +
 +
As today's web application attacks expand and their relative level of sophistication increases, it is vitally important to develop a standardized criteria for WAFs evaluation. [http://projects.webappsec.org/w/page/13246985/Web%20Application%20Firewall%20Evaluation%20Criteria The Web Application Firewall Evaluation Criteria Project (WAFEC)] serves two goals:
 +
 +
* Help stakeholders understand what a WAF is and its role in protecting web sites.
 +
* Provide a tool for users to make an educated decision when selecting a WAF.
 +
 
WAFEC is a joined project between [http://www.webappsec.org The Web Application Security Consortium (WASC)] and [http://www.owasp.org OWASP] making sure the best minds in the industry, both those who work day and night to develop WAFs and those who implement and use them, are committed to ensure WAFEC is comprehensive, accurate and objective.
 
WAFEC is a joined project between [http://www.webappsec.org The Web Application Security Consortium (WASC)] and [http://www.owasp.org OWASP] making sure the best minds in the industry, both those who work day and night to develop WAFs and those who implement and use them, are committed to ensure WAFEC is comprehensive, accurate and objective.
  
The first version of WAFEC was released in 2006 and is in wide use in the industry. We are now working on [http://projects.webappsec.org/w/page/60249779/WAFEC_2_Outline version 2] and plan to release it in the first half of 2012. If you want to join the [http://projects.webappsec.org/w/page/54150727/WAFEC%202 contributors]  join the the [http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org mailing list] and chime in when you feel ready.
+
The first version of WAFEC was released in 2006 and is in wide use in the industry. We are now working on [http://projects.webappsec.org/w/page/60249779/WAFEC_2_Outline version 2] and plan to release it in the first half of 2013. If you want to join the [http://projects.webappsec.org/w/page/54150727/WAFEC%202 contributors]  join the the [http://lists.webappsec.org/mailman/listinfo/wasc-wafec_lists.webappsec.org mailing list] and chime in when you feel ready.
 
   
 
   
 
If you have any other question or idea, please contact WAFEC project leader [mailto:ofer@shezaf.com Ofer Shezaf].
 
If you have any other question or idea, please contact WAFEC project leader [mailto:ofer@shezaf.com Ofer Shezaf].

Latest revision as of 04:31, 1 January 2013

Main

You can find the main project page here

Web application firewalls (WAF) are an evolving information security technology designed to protect web sites from attack. WAF solutions are capable of preventing attacks that network firewalls and intrusion detection systems can't, and they do not require modification of application source code.

As today's web application attacks expand and their relative level of sophistication increases, it is vitally important to develop a standardized criteria for WAFs evaluation. The Web Application Firewall Evaluation Criteria Project (WAFEC) serves two goals:

  • Help stakeholders understand what a WAF is and its role in protecting web sites.
  • Provide a tool for users to make an educated decision when selecting a WAF.

WAFEC is a joined project between The Web Application Security Consortium (WASC) and OWASP making sure the best minds in the industry, both those who work day and night to develop WAFs and those who implement and use them, are committed to ensure WAFEC is comprehensive, accurate and objective.

The first version of WAFEC was released in 2006 and is in wide use in the industry. We are now working on version 2 and plan to release it in the first half of 2013. If you want to join the contributors join the the mailing list and chime in when you feel ready.

If you have any other question or idea, please contact WAFEC project leader Ofer Shezaf.

Project About

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: WASC OWASP Web Application Firewall Evaluation Criteria Project (home page)
Purpose: WAFEC is a joined industry effort to define what Web Application Firewalls are and provide the application security community with a tool to learn about WAFs and evaluate the suitability of different WAFs for their needs.
License: Creative Commons Attribution License 2.5
who is working on this project?
Project Leader(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: V2 draft outline and project plan View
Main links:
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Version 1.0 of WAFEC was released in 2006 and is heavily used in the indsutry featuring in an estimated 50% of WAF RFPs. WAFEC 1.0 is available for download in the following formats:
last reviewed release
Not Yet Reviewed


other releases