Forum Discussion
Akhtar_109015
Nimbostratus
Jan 20, 2014
Blocking Session Management attacks on ASM
Hello,
We recently came to know that the F5 ASM is not blocking session management attacks which disclose the admin username and password in the reply.
May I know if this has something to do with attack...
samstep
Cirrocumulus
Jan 24, 2014
You can encrypt the sensitive cookie using the HTTP Profile Cookie Encryption feature and you can mask the sensitive password in the response using DataGuard in ASM. Be careful though as DataGuard masking can actually break your application if it is actually expecting the administrator password to be present in clear-text in the response.
Sam