Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Web Application Firewall Evaluation Criteria v1 Released

The Web Application Firewall Evaluation Criteria (WAFEC) v1.0 has been released over the weekend. You can get it from here. WAFEC is a well-rounded effort to enumerate the features of web application firewalls (WAFs). I managed the project, but the work is a result of collaboration between many WAF vendors, WAF users, and security professionals. With WAFs being a very diverse subject getting a diverse group of people together was key to producing a good document. I am very happy v1.0 is out; we've been working on it for the largest part of 2005.

This document is a *must-read* if your intend to incorporate a WAF into your architecture (or consider it). It will not only help decide between the available offerings but it will also help you understand how is that these devices are protecting you. For more information go and fetch the document itself. You can also read through this NetworkWorld article. Or the press release.

Recent SpiderLabs Blog Posts