Forum Discussion

Cirrocumulus

Feb 26, 2024

Mitigating Stored XSS Attacks with F5 Big-IP ASM: Insights Needed

Hello Everyone, Could someone provide insights into how F5 Big-IP ASM handles stored XSS attacks? My understanding is that ASM primarily focuses on inspecting and enforcing XSS signature set...

security

Nishal_Rai

Cirrocumulus

Hi Daniel & Amine,

Actually, I've been testing stored XSS payloads on DVWA, bypassing F5 ASM, and requesting via F5 AWAF. Like trying to create a scenario when the client is unaware that there application has been affected by the stored xss payload.

Wondering if F5 ASM can detect and block responses containing these payloads from affected servers. Any insights?

Daniel_Wolf

MVP

Mar 01, 2024

Just had the time to look into this. Only found one signature that is tagged XSS and is applied to responses.

You might miss a stored XSS.

Forum Discussion

Mitigating Stored XSS Attacks with F5 Big-IP ASM: Insights Needed

Recent Discussions

Outlook application issue

Why does WAF block HTTP OPTION method

Rewriting Location Header in iRule

HA Configuration (One in primary and One in DR)

Sending a trusted certificate to server

Related Content

Announcing Security Insights

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Mitigating OWASP Web Application Risk: SSRF Attack using F5 XC Platform

F5 Distributed Cloud - Regional Edge Health Monitoring Insights

Mitigating OWASP Web Application Risk: Broken Access attacks using F5 Distributed Cloud Platform