For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Dan_Markhasin_1's avatar
Dan_Markhasin_1
Icon for Nimbostratus rankNimbostratus
Oct 26, 2015

Apply ASM attack signatures to URLs?

Hi,   Is it possible to apply ASM attack signatures detection to URLs? This is the scenario I am trying to solve:   1) Assume we have a RESTFul web service that returns user details given a use...
ASM Advanced WAF
security
Tim_K_92675's avatar
Tim_K_92675
Icon for Cirrostratus rankCirrostratus
Oct 27, 2015

Probably need to ping F5 support for more specific info. My take is that SQL Injection attack types are parameter-based and specific to user input, hence why it doesn't apply in this case. Granted, you could certainly argue mucking up the URL is a type of user input, but it still doesn't satisfy the parameter-based aspect. Regardless, there are other means to validate URL content, such as allowed/disallowed meta characters.