Seçkin
Mar 30, 2021

ASM Attack Signature Sets

Hello everyone, do you have any recommendation on which attack signature sets should be added to the policy as a best practice? I mean, except those that have been added by Server Technologies. For example, do I need to add the SQL injection signature set to the policy in order to prevent those types of attacks?

  • If your application relies on a back-end SQL DB then yes, you should add the SQL Injection signature sets to secure it. It sounds like Server Technologies are being automatically detected and added to your policy. That's good because all you really need are the attack signatures for the OS, web server, application framework, and database which match your environment. This means you won't have to manage violations triggered by attack signatures which are not related to your infrastructure. Make sense?

      Seçkin

      Thanks Erik! Yes, Server Technologies are automatically added to the policy with some signature sets, as you know. By default, Generic Attack Signatures are already added and prevent some set of attacks such as SQL injection, but there is also another set of signatures on the Change button and SQL Injection Signatures. The question is, do I need to add these signatures to the policy, because the default added generic attack signatures already block those types of attacks, as far as I know.

  • As Erik is saying, better to talk with your dev and server teams about what the database is, what the operating system on the server is, and what programming languages are used, as such things need to be asked.