Forum Discussion
Gajji
Cirrostratus
CirrostratusF5 WAF risk assessment process
I got request to do f5 WAF risk assessment for my environment, do you have any suggestions how should i do Any documents/steps/url that I can follow to do the same. I don't have any vulnerabili...
boneyard
MVP
MVPI wouldn't call that a risk assessment, but fine.
Tried searching for something from F5 itself but can't really find it. A WAF policy is something that differs per application so ONE best practice is not something easily written.
You can have a look at this dashboard, it tries to provide some guidance about what can be done:
https://clouddocs.f5.com/training/community/waf/html/waf111/module1/lab4.html
zamroni777
Nacreous
Nacreousyou can use free assesment tools such as owasp zap
https://www.zaproxy.org/