For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Gajji's avatar
Gajji
Icon for Cirrostratus rankCirrostratus
Jun 19, 2024

F5 WAF risk assessment process

I got request to do f5 WAF risk assessment for my environment, do you have any suggestions how should i do  Any documents/steps/url that I can follow to do the same.   I don't have any vulnerabili...
application delivery
security
Gajji's avatar
Gajji
Icon for Cirrostratus rankCirrostratus
Jun 24, 2024

The answer i got is to use vulnerability tool which i don't have in my environment.

Risk assessment be of the F5 WAF (Virtual Server's) , if it's been configured with best practices guideline if any like i found for Palo alto but not for F5. How to found any loophole in the configuration that bad actor can exploit blah blah....

in Front we have F5 silverline ddos protection that assessment also required but i dont find any guidelines for both fo this.

 

boneyard's avatar
boneyard
Icon for MVP rankMVP
Jun 24, 2024

I wouldn't call that a risk assessment, but fine.

 

Tried searching for something from F5 itself but can't really find it. A WAF policy is something that differs per application so ONE best practice is not something easily written.

 

You can have a look at this dashboard, it tries to provide some guidance about what can be done:

https://clouddocs.f5.com/training/community/waf/html/waf111/module1/lab4.html