[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] Re: [Webappsec] Comparisons of Web Application Firewalls

From: "Ryan Barnett" <rcbarnett@xxxxxxxxx>
Subject: [WEB SECURITY] Re: [Webappsec] Comparisons of Web Application Firewalls
Date: Thu, 3 Jul 2008 09:25:04 -0400

------=_Part_8581_19727757.1215091505085
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

If you want to compare WAF products yourself, then the WASC Web Application
Firewall Evaluation Criteria (WAFEC) provides a framework -
http://www.webappsec.org/projects/wafec/.  Btw - v2.0 is in the works.

As for industry bake-offs, I believe that the Information Security WAF
review from March 2008 is the most recent -

*Comparative Product Review: Six Web Application Firewalls*
http://searchSecurity.techtarget.com/magazineFeature/0,296894,sid14_gci1303838,00.html<http://searchsecurity.techtarget.com/magazineFeature/0,296894,sid14_gci1303838,00.html>
by: Sandra Kay Miller
<http://searchsecurity.techtarget.com/magazineByAuthor/0,296893,sid14_gci1129728,00.html>
Issue: Mar 2008<http://searchsecurity.techtarget.com/magazineIssue/0,296883,sid14_gci1303835,00.html>

-- 
Ryan C. Barnett
ModSecurity Community Manager
Breach Security: Director of Application Security
Web Application Security Consortium (WASC) Member
CIS Apache Benchmark Project Lead
SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC
Author: Preventing Web Attacks with Apache


On Wed, Jul 2, 2008 at 11:39 PM, Ray Foo <gunblad3@gmail.com> wrote:

> Hi guys,
>
> Does anyone know where I can find comparisons of WAFs?  I've been Googling
> around for some time already, but somehow have not been able to find such
> information.
>
> Any help would be appreciated, thanks in advance!
>
> Regards,
> Ray
>
> _______________________________________________
> Webappsec mailing list
> Webappsec@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/webappsec
>
>

------=_Part_8581_19727757.1215091505085
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

If you want to compare WAF products yourself, then the WASC Web Application Firewall Evaluation Criteria (WAFEC) provides a framework - <a href="http://www.webappsec.org/projects/wafec/";>http://www.webappsec.org/projects/wafec/</a>.&nbsp; Btw - v2.0 is in the works.<br>
<br>As for industry bake-offs, I believe that the Information Security WAF review from March 2008 is the most recent -<br><br><font face="arial, verdana, helvetica" size="2">
	<font size="5"><b>Comparative Product Review: Six Web Application Firewalls</b></font><br>
	
	  <a href="http://searchsecurity.techtarget.com/magazineFeature/0,296894,sid14_gci1303838,00.html";>http://searchSecurity.techtarget.com/magazineFeature/0,296894,sid14_gci1303838,00.html</a><br>
	
	
		<font class="body">by: 
		
			  <a href="http://searchsecurity.techtarget.com/magazineByAuthor/0,296893,sid14_gci1129728,00.html";>
		 Sandra Kay Miller </a><br>
	 
	  Issue: <a href="http://searchsecurity.techtarget.com/magazineIssue/0,296883,sid14_gci1303835,00.html";>Mar 2008</a><br></font></font><br>-- <br>Ryan C. Barnett<br>ModSecurity Community Manager<br>Breach Security: Director of Application Security<br>
Web Application Security Consortium (WASC) Member<br>CIS Apache Benchmark Project Lead<br>SANS Instructor, GCIA, GCFA, GCIH, GSNA, GCUX, GSEC<br>Author: Preventing Web Attacks with Apache<br><br><br><div class="gmail_quote">
On Wed, Jul 2, 2008 at 11:39 PM, Ray Foo &lt;<a href="mailto:gunblad3@gmail.com";>gunblad3@gmail.com</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi guys,<br><br>Does anyone know where I can find comparisons of WAFs?&nbsp; I&#39;ve been Googling around for some time already, but somehow have not been able to find such information.<br><br>Any help would be appreciated, thanks in advance!<br>

<br>Regards,<br><font color="#888888">Ray<br>
</font><br>_______________________________________________<br>
Webappsec mailing list<br>
<a href="mailto:Webappsec@lists.owasp.org";>Webappsec@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/webappsec"; target="_blank">https://lists.owasp.org/mailman/listinfo/webappsec</a><br>
<br></blockquote></div><br><br clear="all">

------=_Part_8581_19727757.1215091505085--

Follow-Ups:
- [WEB SECURITY] Re: [Webappsec] Comparisons of Web Application Firewalls
  - From: Arian J. Evans

References:
- [WEB SECURITY] Comparisons of Web Application Firewalls
  - From: Ray Foo

Prev by Date: Re: [WEB SECURITY] Comparisons of Web Application Firewalls
Next by Date: Re: [WEB SECURITY] Comparisons of Web Application Firewalls
Previous by thread: Re: [WEB SECURITY] Comparisons of Web Application Firewalls
Next by thread: [WEB SECURITY] Re: [Webappsec] Comparisons of Web Application Firewalls
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site