As the number of Web application attacks grows and their level of sophistication increases, it is vitally important to have a standardized criterion for testing a security product's ability to truly protect Web applications. The Web Application Security Consortium (WASC), an international group of experts and industry practitioners, was organized to help tackle this problem and define best-practices for security standards for Web applications. The Web Application Firewall Evaluation Criteria (WAFEC) is a collaborative effort by this team designed to provide an independent and vendor-neutral set of criteria for evaluating Web Application Firewall products. Compliance with these criteria can ensure passing security audits within your organization.
The table below shows an overview of how Barracuda Web Application Controllers enable WAFEC compliance.
| WAFEC Criteria | Terminate | Secure | Accelerate | Control |
| 1.1 Modes of Operation | ||||
| Bridge |  |
|
|
|
| Router | |
|
|
|
| Reverse Proxy | |
|
|
|
| 1.2 SSL Termination | |
|
|
|
| 1.3 Connection Intermediation Blocking | |
|||
| 1.4 Method of Delivery | |
|||
| 1.5 High Availability and Scalability | |
|
|
|
| 1.6.1 Inline Operation - Virtualization | |
|
|
|
| 1.6.2 Response and URI rewrites | |
|||
| 1.6.3-.6 Caching, Compression, TCP Pooling | |
|
||
| 1.7 Non-HTTP Traffic | |
|||
| 2.1 HTTP and HTML Support | |
|||
| 2.2 Encoding Support | |
|||
| 2.3 Protocol Validation | ||||
| 2.4 - 2.8 HTML Restrictions | |
|
||
| 3.0 Detection Techniques | |
|||
| 4.0 Protection Techniques | |
|||
| 5.0 Logging | |
|
||
| 6.0 Reporting | |
|
||
| 7.0 Management | |
|||
| 8.0 Performance | |
|
|
|
| 9.0 XML & Web Services support | |
|