Re: [mod-security-users] ModSecurity and WAFEC (v1.0) anyone?
Brought to you by:
victorhora,
zimmerletw
From: yersinia <yer...@gm...> - 2012-07-09 08:19:31
|
I have filled a wafec for mod security an year ago, mostly complete. I have always forgot to condivide it, also for give it a good review. Now i am on vacation, but next week i will try to post the docu here and put you in cc. Best regards Elia 2012/7/9, chr...@po... <chr...@po...>: > Hi there, > > A customer of mine is running a fairly big and formal WAF evaluation > including ModSecurity. > The commercial vendors responded with a filled out version of the WAFEC 1.0 > form. > (http://projects.webappsec.org/w/page/13246985/Web%20Application%20Firewall%20Evaluation%20Criteria) > > Has anybody ever filled out this long list of questions for ModSecurity? > > There have been several attempts to bring out WAFEC 2.0 (a new iteration > lead by Ofer Shezaf is under way > right now). In 2008, Ivan responded there was a plan to wait for WAFEC 2.0 > and then release an official > ModSec->WAFEC paper. > http://article.gmane.org/gmane.comp.apache.mod-security.user/4751/match=modsecurity+wafec > > Anybody has additional information? Likewise, if somebody could provide me > with a filled out > version, that would be really appreciated. I am also happy about private > responses. > > Best, > > Christian > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > -- Inviato dal mio dispositivo mobile |