Forum Discussion
Suricate
Altocumulus
AltocumulusAre there recommended F5 ASMAWAF attack signatures to apply by default for in addition to TOP10OWASP
Hello, I have to deploy the ASM/AWAF module on a BIG-IP LTM equipment, for many web applications. I would like to know if there are attack signatures to apply by default on any web application, in...
Hi Suricate ,
If you run on TMOS v 15.1.x.x or later
the best way to harden your Policy against OWASP TOP 10 Attack is to rely on OWASP Compliance in AWAF policy
Navigate ( Security >>> overview >>> OWASP compliance )
and use this this Article as a guide for you : https://community.f5.com/t5/technical-articles/making-waf-simple-introducing-the-owasp-compliance-dashboard/ta-p/285969If you run on TMOS earlier than 15.1.x.x
There are much attack signatures to defend against OWASP , but you have to follow the Article that you have sent in your POST to mitigate each one on OWASP TOP 10.
Hi Suricate ,
If you run on TMOS v 15.1.x.x or later
the best way to harden your Policy against OWASP TOP 10 Attack is to rely on OWASP Compliance in AWAF policy
Navigate ( Security >>> overview >>> OWASP compliance )
and use this this Article as a guide for you : https://community.f5.com/t5/technical-articles/making-waf-simple-introducing-the-owasp-compliance-dashboard/ta-p/285969
If you run on TMOS earlier than 15.1.x.x
There are much attack signatures to defend against OWASP , but you have to follow the Article that you have sent in your POST to mitigate each one on OWASP TOP 10.
SuricateAltocumulus
AltocumulusThank you very much for your answer. "OWASP Compliance in AWAF policy" will be very helpful and useful.