Last document update: January 14th, 2006
Complete Document v1.0
[HTML] size 66k (MD5 SUM: b03f5860377c5a769b82602f6f67db39)
[TEXT] size: 42k (MD5 SUM: 3393f8ead346749a5e7f127aad4ec1e7)
[PDF] size: 102k (MD5 SUM: 4d4eda95d3d204f066c8b918b4bd33df)
Resources
WAFEC, or how to choose WAF technology
[PPT] size: 6.5M (MD5 SUM: 4cadf27fe0866a701a1f4aa78b32fe56)
Description
Develop industry-standard testing criteria for evaluating the quality
of web application firewall solutions.
Web application firewalls (WAF) are a new breed of information
security technology designed to protect web sites from attack. Because
they inspect traffic at the application layer, WAF solutions can
prevent attacks that network firewalls and intrusion detection systems
cannot, and they do so without requiring modification of the
application source code. As web application attacks grow in number and
sophistication, it is vitally important to develop standardized
criteria for product evaluation. How else can the effectiveness of a
particular solution be accurately compared or measured?
Establishing evaluation criteria is a difficult task even for a skilled
web security professional, and most evaluators have neither the time
nor the expertise to create comprehensive criteria of their own. This
makes it very difficult to compare the WAF products offered by
different vendors. Any evaluation criteria must therefore be created
with the direct involvement of both WAF vendors and the web security
community.
The goal of this project is to develop detailed web application
firewall evaluation criteria: a testing methodology that any reasonably
skilled technician can use to independently assess the quality of a WAF
solution.
If you would like to be involved with the project, please contact
Ivan Ristic