Forum Discussion

Cirrostratus

Feb 26, 2016

Baseline security

Hi Techies, I am on top of ongoing implementation project of F5 infrastructure that includes all the top modules. We are in the process of setting up a new service model mainly around WAF (ASM) for o...

target operating model

Erik_Novak

Employee

Feb 26, 2016

It's difficult to define "baseline standards" as every application is different and their are variances in security needs. In many cases, ASM implementations begin with a security policy based on the Rapid Deployment template, which will cover the OWASP Top 10, will provide HTTP RFC compliance, attack signatures, and evasion detection protection. As you get more comfortable with ASM and improve at interpreting and handling violations, you can develop a more comprehensive policy by layering on more protection for allowing only specific file types, URLs, and various types of parameter protection.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Baseline security

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

F5 Security Podcasts

Adaptive Apps: Replicate & deploy WAF application security policies across F5's security portfolio

Auditing Security Policy Updates

Minimizing Security Complexity: Managing Distributed WAF Policies

Get Started with WAAP Security Incidents

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS