For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Devin_M__351818's avatar
Devin_M__351818
Icon for Nimbostratus rankNimbostratus
Aug 29, 2018

Anyone with experience deploying ASM in blocking mode for a product called Powerschool?

We've recently started exploring use of ASM to better protect some of our applications. One of the most important ones we're focusing on is one called Powerschool.   https://www.powerschool.com/ ...
ASM Advanced WAF
security
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Sep 03, 2018

This appears to be education-sector-specific product, I am guessing most people on this forum(like myself) come from the business side, so unable to help directly.

 

You need to understand the application's technology, so you could map it to correct attack signatures, e.g. is it a .NET application, a Java application, a PHP application? What kind of auto-learnt things are throwing false positives? Attack signatures? Parameters? URLs? HTTP protocol compliance? Has this product been penetration-tested, do you have a pen-test report or a list of known security vulnerabilities?