Forum Discussion
Nishal_Rai
Feb 26, 2024 Cirrocumulus
Mitigating Stored XSS Attacks with F5 Big-IP ASM: Insights Needed
Hello Everyone, Could someone provide insights into how F5 Big-IP ASM handles stored XSS attacks? My understanding is that ASM primarily focuses on inspecting and enforcing XSS signature set...
Nishal_Rai
Cirrocumulus
Hi Daniel & Amine,
Actually, I've been testing stored XSS payloads on DVWA, bypassing F5 ASM, and requesting via F5 AWAF. Like trying to create a scenario where the client is unaware that their application has been affected by the stored XSS payload.
Wondering if F5 ASM can detect and block responses containing these payloads from affected servers. Any insights?
Daniel_Wolf
Mar 01, 2024 MVP
Just had the time to look into this. Only found one signature that is tagged XSS and is applied to responses.
You might miss a stored XSS.