Forum Discussion

Nimbostratus

Jan 20, 2014

Blocking Session Management attacks on ASM

hello, We recently came to know the F5 ASM is not blocking session management attacks which discloses the admin username and password on reply. May I know if this has something to do with attack...

application attacks

asm application security manager

Cirrocumulus

Jan 24, 2014

You can encrypt the sensitive cookie using the HTTP Profile Cookie Encryption feature and you can mask the sensitive password in the response using DataGuard in ASM. Be careful though as DataGuard masking can actually break your application if it is actually expecting the administrator password to be present in clear-text in the response.

Sam

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Blocking Session Management attacks on ASM

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

Zero Trust building blocks - Machine Identity Management (MIM) and Workload Protection

NGINX Management Suite API Connectivity Manager - Modern API driven Applications

Re: Management Certificate

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 4 - Policy Lifecycle management)

Manage F5 BIG-IP FAST with Terraform (Part 3 - Manage multiple AWAF policies based on HTTP criteria)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS