F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

strongarm_46960's avatar
strongarm_46960
Icon for Nimbostratus rankNimbostratus
Mar 07, 2008

ASM OWASP Top Ten Protection

When the The negative security model implemented on f5, by picking or ticking negative security model within the Enforcement screen of the ASM, I expect it to protect against the OWASP Top Ten vulnerabilities or WebAppSec Threats.

 

 

However, this only happens when additional rules from the vast rules supplied are added inorder to create a negative security, the problem is if all the rules are selected then all users request gets blocks.

 

 

How goes one know the bases of rules to start from to defend against at least OWASP Top Ten . Since 'the negative security model' (Labelled tab) rules given by F5 ASM simply isn't adequate.

 

 

Can you please tell me which of the rules I need to tick or pick in order to have protection against the OWASP Top Ten vulnerabilities. Since it clear that the negative security policy on F5 does not offer this.

 

 

Many Thanks
application delivery
dev
devops
iRules

4 Replies

  • Nicolas_Menant's avatar
    Nicolas_Menant
    Icon for Employee rankEmployee
    Mar 08, 2008
    Hi,

     

     

    I'm not sure this is the best place for this.

     

     

    This forum is for iRules but it has nothing to do with the negative security implemented within ASM.

     

     

    Negative security of ASM is a bundle of regexp to block attacked nothing related to iRules development.

     

     

    Maybe you should try to contact your F5 reseller to order some consultancy or advices on this subject.

     

     

    Or you may open a support case to ask from support which signature in the ASM bundle blocked the top ten attacked specified by OWASP.

     

     

    Maybe someone here will be able to help you anyway

     

     

  • strongarm_46960's avatar
    strongarm_46960
    Icon for Nimbostratus rankNimbostratus
    Mar 09, 2008
    I have tried to answer my own question by doing more research, however, don't think there is one in the Negative security realm on the F5 ASM, my impression is that ASM is more focused on Positive security than Negative, the result I see under the ASM are too generic for Negative security deployment within my firm.

     

     

    Incidentally does anyone know how long the ASM has been around. When will the next release happen.
  • strongarm_46960's avatar
    strongarm_46960
    Icon for Nimbostratus rankNimbostratus
    Mar 09, 2008
    I think the ASM should have a dedicated forum aswell. be nice to talk about all those signatures, or perhaps re-writing more signature just as you do in irules.
  • BlurredVision_1's avatar
    BlurredVision_1
    Icon for Nimbostratus rankNimbostratus
    Mar 11, 2008
    jquadri, there has been a new rapid deployment security policy built into ASM v9.4.4 that has helped with our implementations of ASM. It is definately worth checking out.

     

     

    it looks like it is covered in this document here:

     

    https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm_config_guide_944.html?sr=526134

     

     

    good luck!

     

     

    Blurred
Related Content