Forum Discussion
Vijith_182946
Mar 01, 2016Cirrostratus
Hi Nuruddin, I think there is no better explanation i will get from this link. Very good article from Josh Michaels, though this is based on old OWASP top 10, need to make changes according to the new one https://devcentral.f5.com/articles/f5-security-on-owasp-top-10
Cheers Vijith
- Nuruddin_Ahmed_Mar 01, 2016CirrostratusThank you vijith but OWASP is industry standard for application security. F5 should consider this, may be they should design it in such a way that when you select the server/application parameters (like, windows, iss, oracle, asp...) then it should automatically for a signature bundle for OWASP top 10 vulnerabilities
- Vijith_182946Mar 01, 2016CirrostratusHi Nuruddin, It all depends on how you implement your policy. F5 got covered all the OWASP vulnerabilities in the signatures but you might need to tune your policy in way the negative security approach. But i would say you need to be in the middle of positive and negative security model - an applied security model. Both model has got good and band but it depends your organisational standard etc.