Forum Discussion

Suricate's avatar
Suricate
Icon for Altocumulus rankAltocumulus
Jun 29, 2023
Solved

Are there recommended F5 ASMAWAF attack signatures to apply by default for in addition to TOP10OWASP

Hello, I have to deploy the ASM/AWAF module on a BIG-IP LTM equipment, for many web applications. I would like to know if there are attack signatures to apply by default on any web application, in...
security
Mohamed_Ahmed_Kansoh's avatar
Mohamed_Ahmed_Kansoh
Icon for MVP rankMVP

Hi Suricate , 
If you run on TMOS v 15.1.x.x or later

the best way to harden your Policy against OWASP TOP 10 Attack is to rely on OWASP Compliance in AWAF policy 
Navigate ( Security >>> overview >>> OWASP compliance ) 
and use this this Article as a guide for you : https://community.f5.com/t5/technical-articles/making-waf-simple-introducing-the-owasp-compliance-dashboard/ta-p/285969

If you run on TMOS earlier than 15.1.x.x

There are much attack signatures to defend against OWASP , but you have to follow the Article that you have sent in your POST to mitigate each one on OWASP TOP 10. 

Suricate's avatar
Suricate
Icon for Altocumulus rankAltocumulus
Jul 04, 2023

Thank you very much for your answer. "OWASP Compliance in AWAF policy" will be very helpful and useful.