[Owasp-leaders] OWASP "Certification"

Ofer Shezaf ofer at shezaf.com
Tue Jul 2 17:06:44 UTC 2013



I assume being an NGFW and not a WAF, SANGFOR fiction is about the OWASP top 10 (which is usually the case) rather than WAFEC. WAFEC or not, it is still a fiction and quite an annoying one. In my mind it is worse than brand rip off as they claim we did some certification process for them which never occurred.


We do need to distinguish between SANGFOR piece of fiction and companies evaluating themselves against WAFEC. At the end of the day, the goal of WAFEC (“Web Application Firewall Evaluation Criteria”) is to provide a tool for evaluating (but not certifying). We do not certify, but we encourage others, including customers and vendors, to evaluate WAFs using it. I did see some evaluations out there by vendors that I did not agree with, but as long as they say it is self-evaluation, I see no brand issue around it.


~ Ofer


From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of rip
Sent: 02 July 2013 17:53
To: Jason Johnson; Owasp
Cc: OWASP Leaders
Subject: Re: [Owasp-leaders] OWASP "Certification"


Hi all


I investigated, they are reference WAEFC, for example, Trustwave Evaluating WebDefend Using WAFEC




OWASP China Leader


OWASP China Chapter

Shenzhen, China

Email: rip at owasp.org.cn <mailto:rip at owasp.org.cn> 



发件人: Owasp<eoin.keary at owasp.org <mailto:eoin.keary at owasp.org> >

收件人: Jason Johnson<jason.johnson at owasp.org <mailto:jason.johnson at owasp.org> >

抄送: OWASP Leaders<owasp-leaders at lists.owasp.org <mailto:owasp-leaders at lists.owasp.org> >

发送时间: 2013年7月2日(周二) 22:22

主题: Re: [Owasp-leaders] OWASP "Certification"


I believe the board is aware and we reached out. How great are we that people want to rip off our brand, congrats all :)

I'd probably expect more of this to come from countries which do not respect intellectual property or tradark rights.

Eoin Keary

Owasp Global Board

+353 87 977 2988


On 2 Jul 2013, at 15:33, Jason Johnson <jason.johnson at owasp.org <mailto:jason.johnson at owasp.org> > wrote:

These people pop up all the time. We need a wall of shame. 

Jason Johnson
Oklahoma City, OK

On Jul 2, 2013 8:15 AM, "Ludovic Petit" <ludovic.petit at owasp.org <mailto:ludovic.petit at owasp.org> > wrote:

Hi there,


Jason (Alexander, @0wasp) tweeted this a couple of weeks ago on 14 june:


Anyone seen this?http://www.sangfor.com/news/f7fad57564a7536d06c93a877d40046d.htm … the firewall recieved WAF certification from @owasp ??




I was just wondering about "... OWASP does not endorse or recommend commercial products or services..."


Did I missed something? 




OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org> 

OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130702/d91d4bcf/attachment.html>

More information about the OWASP-Leaders mailing list