Forum Discussion
abumo_1124
Nimbostratus
Nimbostratuscritical severity violations
We have just created our first web application asm security policy. The policy was setup by f5 admin which he considers
it is suitable for the web application. My job is kind of auditing this policy, I have reviewed all the violations setup, all the violations that have critical severity are blocked, however some error and warning violations are not blocked nor alarm such as (illegal entry point). My big concern on this application that it has sensitive data. Violations that causes buffer overflow are not important to us as the ones that cause stealing information. The question now are violations that have critical severity enough to protect the web application?
I appreciate your reply.
hoolioCirrostratus
Hi Abumo,
I wouldn't consider it a best practice to enable and configure every violation type that ASM can perform for every application. Ideally, the policy should be tuned to the application. For example, if the application performs proper session enforcement, there isn't a need to track that every request a client makes has gone through a successful authentication attempt. I would speak with the person that built the policy and possibly the people that built or administer the application to get a better understanding of what the application's security requirements are and why the policy was set up as it was.
Aaron