For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Nov 06, 2015

ASM and targeted form exploatation

Hi,   I am looking for real life experiences/advice related to protecting against very precise automation based form filling. Main point here is that whole process is not violating any application...
ASM Advanced WAF
design
security
Michael_Koyfman's avatar
Michael_Koyfman
Icon for Cirrocumulus rankCirrocumulus
Nov 07, 2015

I highly suggest trying version 12 and using Proactive Bot Detection in the L7 DDoS profile. There are significant improvements in v12 with respect to ability to detect headless browsers such as PhantomJS, etc.

 

dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Nov 09, 2015
Hi, Thanks for info, have you any info what exactly was implemented - or as I guess it's F5 secret? I am still wondering how it can stand up against targeted attack performed by really skilled persons knowing that ASM is used for protection. Piotr