ASM OWASP Top Ten Protection

Question

When the The negative security model implemented on f5, by picking or ticking negative security model within the Enforcement screen of the ASM, I expect it to protect against the OWASP Top Ten vulnerabilities or WebAppSec Threats.  &nbsp;
&nbsp;However, this only happens when additional rules from the vast rules supplied are added inorder to create a negative security, the problem is if all the rules are selected then all users request gets blocks. &nbsp;
&nbsp;How goes one know the bases of rules to start from to defend against at least OWASP Top Ten . Since  'the negative security model' (Labelled tab) rules given by F5 ASM simply isn't adequate.&nbsp;
&nbsp;Can you please tell me which of the rules I need to tick or pick in order to have protection against the OWASP Top Ten vulnerabilities. Since it clear that the negative security policy on F5 does not offer this.  &nbsp;
&nbsp;Many Thanks

nicolas_menant · Answer

Hi,&nbsp;
&nbsp;I'm not sure this is the best place for this. &nbsp;
&nbsp;This forum is for iRules but it has nothing to do with the negative security implemented within ASM. &nbsp;
&nbsp;Negative security of ASM is a bundle of regexp to block attacked nothing related to iRules development. &nbsp;
&nbsp;Maybe you should try to contact your F5 reseller to order some consultancy or advices on this subject.&nbsp;
&nbsp;Or you may open a support case to ask from support which signature in the ASM bundle blocked the top ten attacked specified by OWASP. &nbsp;
&nbsp;Maybe someone here will be able to help you anyway &nbsp;&nbsp;

strongarm_46960 · Answer

I have tried to answer my own question by doing more research, however, don't think there is one in the Negative security realm on the F5 ASM, my impression is that ASM is more focused on Positive security than Negative, the result I see under the ASM are too generic for Negative security deployment within my firm.  &nbsp;
&nbsp;Incidentally does anyone know how long the ASM has been around. When will the next release happen.

strongarm_46960 · Answer

I think the ASM should have a dedicated forum aswell. be nice to talk about all those signatures, or perhaps re-writing more signature just as you do in irules.

blurredvision_1 · Answer

jquadri,  there has been a new rapid deployment security policy built into ASM v9.4.4 that has helped with our implementations of ASM.  It is definately worth checking out.&nbsp;
&nbsp;it looks like it is covered in this document here:
&nbsp;https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm_config_guide_944.html?sr=526134&nbsp;
&nbsp;good luck!&nbsp;
&nbsp;Blurred

Forum Discussion

ASM OWASP Top Ten Protection

Recent Discussions

Help needed with iRule (connection closed log )

AS3 Limitations

Use of SSL Decryption.

VLAN Failsafe Functionality

FTP PASV mode to Extended Passive mode

Related Content

Mitigating OWASP API Security Top 10 risks using F5 NGINX App Protect

Mitigate OWASP LLM Security Risk: Sensitive Information Disclosure Using F5 NGINX App Protect

Knowledge sharing: Order of precedence for BIG-IP modules, ASM DDOS Protection, Bot Protection

Introduction to OWASP API Security Top 10 2023

OWASP Automated Threats - OAT-001 Carding

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS