Forum Discussion

Suricate's avatar
Suricate
Icon for Altocumulus rankAltocumulus
Jun 29, 2023
Solved

Are there recommended F5 ASMAWAF attack signatures to apply by default for in addition to TOP10OWASP

Hello,

I have to deploy the ASM/AWAF module on a BIG-IP LTM equipment, for many web applications. I would like to know if there are attack signatures to apply by default on any web application, in addition to the TOP 10 OWASP (https://my.f5.com/manage/s/article/K45215395), please?

Thank you in advance.

security

3 Replies

Sort By
  • whisperer's avatar
    whisperer
    Icon for MVP rankMVP
    Jun 29, 2023

    You want separate ASM profiles/policies for each application to tweak individually. Within the profiles/policies you set the web server and any other web technologies in use like scripting language. This then specifically reduces the signature set to what is valid for the application.

     

  • Mohamed_Ahmed_Kansoh's avatar
    Mohamed_Ahmed_Kansoh
    Icon for MVP rankMVP
    Jun 29, 2023

    Hi Suricate , 
    If you run on TMOS v 15.1.x.x or later

    the best way to harden your Policy against OWASP TOP 10 Attack is to rely on OWASP Compliance in AWAF policy 
    Navigate ( Security >>> overview >>> OWASP compliance ) 
    and use this this Article as a guide for you : https://community.f5.com/t5/technical-articles/making-waf-simple-introducing-the-owasp-compliance-dashboard/ta-p/285969

    If you run on TMOS earlier than 15.1.x.x

    There are much attack signatures to defend against OWASP , but you have to follow the Article that you have sent in your POST to mitigate each one on OWASP TOP 10. 

    • Suricate's avatar
      Suricate
      Icon for Altocumulus rankAltocumulus
      Jul 04, 2023

      Thank you very much for your answer. "OWASP Compliance in AWAF policy" will be very helpful and useful.