Forum Discussion
F5 WAF risk assessment process
The answer I got is to use a vulnerability tool, which I don't have in my environment.
The risk assessment is of the F5 WAF (virtual servers): whether it has been configured according to a best-practices guideline, if any exists, like the one I found for Palo Alto but not for F5. How to find any loophole in the configuration that a bad actor can exploit, blah blah....
In front we have F5 Silverline DDoS protection; that assessment is also required, but I can't find any guidelines for either of these.
- boneyard, Jun 24, 2024, MVP
I wouldn't call that a risk assessment, but fine.
Tried searching for something from F5 itself but can't really find it. A WAF policy is something that differs per application so ONE best practice is not something easily written.
You can have a look at this dashboard, it tries to provide some guidance about what can be done:
https://clouddocs.f5.com/training/community/waf/html/waf111/module1/lab4.html
- zamroni777, Jun 25, 2024, Nacreous
You can use free assessment tools such as OWASP ZAP:
https://www.zaproxy.org/
- Gajji, Jun 26, 2024, Cirrostratus
As you rightly said, a WAF policy is something that differs per application, so ONE best practice is not something easily written.
But still, there should be certain best practices that can guide the creation and management of these policies to ensure a high level of security while maintaining application functionality, and that I can use to know whether my environment's policies are according to the best practices or not. Also, it seems the compliance report provided by the F5 device itself is not relevant/consistent according to everyone's needs.