Forum Discussion
How can I make sure that all OWASP-related vulnerabilities are being blocked by our ASM policy?
4 Replies
- Vijith_182946
Cirrostratus
Hi Nuruddin, I think there is no better explanation I will get than from this link. Very good article from Josh Michaels, though this is based on the old OWASP Top 10; need to make changes according to the new one: https://devcentral.f5.com/articles/f5-security-on-owasp-top-10
Cheers, Vijith
- Nuruddin_Ahmed_
Cirrostratus
Thank you Vijith, but OWASP is the industry standard for application security. F5 should consider this; maybe they should design it in such a way that when you select the server/application parameters (like Windows, IIS, Oracle, ASP...) then it should automatically form a signature bundle for OWASP Top 10 vulnerabilities.
- Vijith_182946
Cirrostratus
Hi Nuruddin, it all depends on how you implement your policy. F5 has covered all the OWASP vulnerabilities in the signatures, but you might need to tune your policy in the way of the negative security approach. But I would say you need to be in the middle of the positive and negative security models - an applied security model. Both models have good and bad, but it depends on your organisational standard etc.
- nathe
Cirrocumulus
Nuruddin, F5 has just released an ASM Operations Guide which does have a section on OWASP. Check out this link: ASM Operations Guide
ASM has all OWASP mitigations covered; it's just not as straightforward as selecting the backend server technologies.
Hope this helps,
N