Nishal_Rai
Cirrocumulus
Hi Daniel & Amine,
Actually, I've been testing stored XSS payloads on DVWA, bypassing F5 ASM, and requesting via F5 AWAF. Like trying to create a scenario where the client is unaware that their application has been affected by the stored XSS payload.
Wondering if F5 ASM can detect and block responses containing these payloads from affected servers. Any insights?
Daniel_Wolf
Mar 01, 2024 (MVP)
Just had the time to look into this. Only found one signature that is tagged XSS and is applied to responses.
You might miss a stored XSS.