For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Nishal_Rai's avatar
Nishal_Rai
Icon for Cirrocumulus rankCirrocumulus
Feb 26, 2024

Mitigating Stored XSS Attacks with F5 Big-IP ASM: Insights Needed

Hello Everyone,   Could someone provide insights into how F5 Big-IP ASM handles stored XSS attacks?    My understanding is that ASM primarily focuses on inspecting and enforcing XSS signature set...
security
Amine_Kadimi's avatar
Amine_Kadimi
Icon for MVP rankMVP
Feb 27, 2024

I suggest you enable signature enforcement for server responses. In a lab environment it should be OK but in production it might impact the performance of the app

Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Feb 28, 2024

Yes, that's what I said. Signatures can be enforced also on responses.

  • Nishal_Rai's avatar
    Nishal_Rai
    Icon for Cirrocumulus rankCirrocumulus
    Mar 06, 2024

    Amine_KadimiDaniel_Wolf 
    Sorry for the late response.


    Regarding signature enforcement on the responses, I selected the following signature set.

    The log events of the application:
    On the file types specification of the response signatures:

    What would be the appropriate file types, since the script is stored on a message box.

    Since the above mentioned signature was unable to detect the stored XSS payload in the response.