[fw-wiz] Re: Announcement: The Web Application Firewall Evaluation Criteria v1 Released



nuqneH,

Well, again, what we actually need is a higher-level inspection toolkit
to deal with protocols working over HTTP. That makes the whole thing useful
and we get the idea of a firewall working again - now it does not.
(This applies to traditional proxy firewalls as well as to a w.a.f. as a reverse
proxy etc.) Once we can work with the protocol, we can define a kind of
policy on that layer.

A good thing to start with is XML-based protocols, isn't it?
Any known implementation or just work in progress? I'd like to do it
myself but I'm afraid I do not have sufficient resources for now.

I cc this to the firewall-wizards mailing list; it may be of some interest
there.

On Sun, Jan 22, 2006 at 08:44:13AM +0200, Gadi Evron wrote:
> contact@xxxxxxxxxxxxx wrote:
> >The Web Application Firewall Evaluation Criteria project is proud
> >to announce v1.0 of The Web Application Firewall Evaluation Criteria
> >(WAFEC), its first official release.
> >
> >WAFEC is a result of a collaboration between web application
> >firewall vendors and independent security professionals to create a
> >comprehensive, vendor-neutral, web application firewall evaluation
> >criteria. The resulting framework can be used to evaluate
> >and compare web application firewalls.
> >
> >WAFEC v1.0 can be downloaded from the project home page:
> >
> > http://www.webappsec.org/projects/wafec/
>
> Having a good framework by which to judge these applications is very
> cool as I had to do without quite a few times before. Thanks for
> creating it.
>
> It is my belief that *today's* web application firewalls are a waste of
> money. Some people disagree and as I respect them, I will answer their
> questions one by one.
>
> This is pretty long, check out:
> http://blogs.securiteam.com/index.php/archives/220
>
> And the follow-up, answering questions and good arguments:
> http://blogs.securiteam.com/?p=237
>
> I'd appreciate any input.
>
> Gadi.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
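As an added illustration of what a policy "on that layer" could look like for an XML-based protocol (this is example code written for this page, not code from the post, from firewall-wizards or from the WAFEC project): a Python check that a reverse proxy could run on each HTTP request carrying SOAP before handing it to the application. The service path `/ws/orders`, the `urn:example:orders` namespace, the operation allow-list, the size/depth limits and the sample requests are all assumptions constructed for the example.

```python
"""Protocol-level policy for SOAP-over-HTTP, as a reverse proxy could apply it."""
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed policy table (hypothetical service path and namespace): for each
# HTTP path, the operations a client may invoke plus resource limits that bound
# what the parser behind the proxy has to cope with.
POLICY = {
    "/ws/orders": {
        "allowed_operations": {
            ("urn:example:orders", "GetOrder"),
            ("urn:example:orders", "ListOrders"),
        },
        "max_body_bytes": 64 * 1024,
        "max_depth": 16,
        "max_elements": 500,
    },
}

XML_CONTENT_TYPES = {"text/xml", "application/soap+xml"}


def _split_tag(tag):
    """ElementTree encodes namespaces as '{ns}local'; return (ns, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag


def _structure_ok(root, max_depth, max_elements):
    """Walk the tree iteratively and enforce depth and element-count limits."""
    count = 0
    stack = [(root, 1)]
    while stack:
        element, depth = stack.pop()
        count += 1
        if depth > max_depth or count > max_elements:
            return False
        stack.extend((child, depth + 1) for child in element)
    return True


def inspect_request(method, path, headers, body):
    """Decide whether a request carrying SOAP passes the policy.

    Returns (allowed, reason). Header names are expected lower-cased; body is bytes.
    """
    rule = POLICY.get(path)
    if rule is None:
        return False, "no policy for path"
    if method != "POST":
        return False, "SOAP operations must be POSTed"
    content_type = headers.get("content-type", "").split(";", 1)[0].strip().lower()
    if content_type not in XML_CONTENT_TYPES:
        return False, "unexpected content type: %r" % content_type
    if len(body) > rule["max_body_bytes"]:
        return False, "body too large"
    # Refuse any DTD before the parser sees it: entity expansion and external
    # entities have no business in a SOAP request.
    lowered = body.lower()
    if b"<!doctype" in lowered or b"<!entity" in lowered:
        return False, "DTD / entity declarations not allowed"
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return False, "malformed XML: %s" % exc
    if root.tag != "{%s}Envelope" % SOAP_ENV:
        return False, "not a SOAP 1.1 envelope"
    soap_body = root.find("{%s}Body" % SOAP_ENV)
    if soap_body is None:
        return False, "missing soap:Body"
    operations = list(soap_body)
    if len(operations) != 1:
        return False, "expected exactly one operation element in soap:Body"
    ns, local = _split_tag(operations[0].tag)
    if (ns, local) not in rule["allowed_operations"]:
        return False, "operation %s not permitted on %s" % (local, path)
    if not _structure_ok(root, rule["max_depth"], rule["max_elements"]):
        return False, "document exceeds depth or element limits"
    return True, "ok"


# Constructed sample requests (not captured traffic).
GET_ORDER = b"""<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <o:GetOrder xmlns:o="urn:example:orders"><o:id>42</o:id></o:GetOrder>
  </soap:Body>
</soap:Envelope>"""

DELETE_ORDER = GET_ORDER.replace(b"GetOrder", b"DeleteOrder")

ENTITY_ATTACK = b"""<?xml version="1.0"?>
<!DOCTYPE x [<!ENTITY e SYSTEM "file:///etc/passwd">]>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body><o:GetOrder xmlns:o="urn:example:orders">&e;</o:GetOrder></soap:Body>
</soap:Envelope>"""

XML_HEADERS = {"content-type": "text/xml; charset=utf-8"}
```

Calling `inspect_request("POST", "/ws/orders", XML_HEADERS, GET_ORDER)` returns `(True, "ok")`, while the `DELETE_ORDER` and `ENTITY_ATTACK` bodies, a GET, an unknown path or a non-XML content type are all refused with a reason. The point of the example is that the decision is made on the protocol's own vocabulary (envelope, body, operation name, namespace) rather than on HTTP alone. The DOCTYPE string match is a coarse pre-filter chosen because it is simple to show; in a real proxy you would configure the parser to reject DTDs outright and validate the operation element against the service's schema as well.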


