Forum Discussion
Mitigating Stored XSS Attacks with F5 Big-IP ASM: Insights Needed
Hi Daniel & Amine,
Actually, I've been testing stored XSS payloads on DVWA, bypassing F5 ASM, and requesting via F5 AWAF. Like trying to create a scenario where the client is unaware that their application has been affected by the stored XSS payload.
Wondering if F5 ASM can detect and block responses containing these payloads from affected servers. Any insights?
- Amine_Kadimi (MVP), Feb 27, 2024
I suggest you enable signature enforcement for server responses. In a lab environment it should be OK, but in production it might impact the performance of the app.
- Daniel_Wolf (MVP), Feb 28, 2024
Yes, that's what I said. Signatures can be enforced also on responses.
- Nishal_Rai (Cirrocumulus), Mar 06, 2024
@Amine_Kadimi @Daniel_Wolf
Sorry for the late response.
Regarding signature enforcement on the responses, I selected the following signature set. The log events of the application:
On the file types specification of the response signatures: what would be the appropriate file types, since the script is stored in a message box?
The above-mentioned signature was unable to detect the stored XSS payload in the response.
- Daniel_Wolf (MVP), Mar 01, 2024
Just had the time to look into this. Only found one signature that is tagged XSS and is applied to responses.
You might miss a stored XSS.
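The thread turns on two settings: whether response-side signatures are enforced at all, and for which file types. The following Python model is an added illustration, not F5 code and not an ASM signature; it assumes a WAF that decides per request-URL file type whether to scan the server's reply, applies a stand-in XSS regex to the HTML body, and reports alert/block. The DVWA stored-XSS path `/vulnerabilities/xss_s/` is the stock one; the host name, the response bodies and the file-type sets are constructed for the example. It shows why a payload stored in a guestbook message is missed when the page that renders it has no extension and `no_ext` is not in the enforced file types.

```python
"""
Simplified model of WAF response-side signature enforcement (added example,
not F5's implementation). Real ASM signatures and file-type handling are
proprietary and more involved; this is only the decision logic under test.
"""
import re
from dataclasses import dataclass

# Stand-in XSS response signature. Assumption: this is NOT an actual ASM
# signature, just a regex that catches an inline <script> element or an
# inline event-handler attribute in an HTML body.
XSS_RESPONSE_SIG = re.compile(
    r"<script\b[^>]*>.*?</script>"      # inline script element
    r"|<\w+[^>]*\son[a-z]+\s*=",        # e.g. <img onerror=...>
    re.IGNORECASE | re.DOTALL,
)


@dataclass
class HttpResponse:
    status: int
    headers: dict
    body: str


def file_type(url: str) -> str:
    """Map a request URL to a WAF-style file type: the extension, or
    'no_ext' for extension-less paths such as /vulnerabilities/xss_s/."""
    path = url.split("?", 1)[0].split("#", 1)[0]
    last = path.rstrip("/").rsplit("/", 1)[-1]
    if "." in last:
        return last.rsplit(".", 1)[-1].lower()
    return "no_ext"


def inspect_response(url: str, resp: HttpResponse,
                     response_sig_file_types: set,
                     blocking: bool = True) -> dict:
    """Decide whether the reply for `url` is scanned and what happens.

    response_sig_file_types: file types for which response signatures are
    enabled (the per-file-type 'apply response signatures' setting).
    blocking: False models staging/transparent mode (alert only)."""
    ftype = file_type(url)
    result = {"file_type": ftype, "checked": False,
              "matched": False, "action": "pass"}
    if ftype not in response_sig_file_types:
        # Response never reaches the signature engine: a stored payload
        # in this page is delivered to the client unnoticed.
        return result
    result["checked"] = True
    m = XSS_RESPONSE_SIG.search(resp.body)
    if m:
        result["matched"] = True
        result["evidence"] = m.group(0)[:60]
        result["action"] = "block" if blocking else "alert"
    return result


# Constructed DVWA-like guestbook page that echoes a stored payload.
DVWA_URL = "http://dvwa.local/vulnerabilities/xss_s/"
DVWA_PAGE = HttpResponse(200, {"Content-Type": "text/html"}, """<html><body>
<div id="guestbook_comments">Name: mallory<br />
Message: <script>alert(document.cookie)</script><br /></div>
</body></html>""")

# Constructed clean page, same path, no payload.
CLEAN_PAGE = HttpResponse(200, {"Content-Type": "text/html"},
    "<html><body>Name: alice<br />Message: hello<br /></body></html>")


def demo() -> dict:
    """Run the three cases a practitioner would compare in the lab."""
    return {
        # php/html only: the guestbook page has no extension, so it is skipped.
        "missed": inspect_response(DVWA_URL, DVWA_PAGE, {"php", "html"}),
        # no_ext added: the stored payload is seen and blocked.
        "caught": inspect_response(DVWA_URL, DVWA_PAGE, {"php", "html", "no_ext"}),
        # same setting, clean page: scanned, no false positive.
        "clean": inspect_response(DVWA_URL, CLEAN_PAGE, {"no_ext"}),
    }


if __name__ == "__main__":
    for name, r in demo().items():
        print(f"{name:7s} file_type={r['file_type']} checked={r['checked']} "
              f"matched={r['matched']} action={r['action']}")
```

In the lab, compare the three rows: if the payload is only ever served from an extension-less page, adding `no_ext` (or whatever file type your application actually serves the message box from) to the response-signature file types is what changes "missed" into "caught"; enforcing signatures on responses without covering that file type leaves the stored payload undetected, which matches what the thread observed.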