Forum Discussion

Nishal_Rai's avatar
Nishal_Rai
Icon for Cirrocumulus rankCirrocumulus
Feb 26, 2024

Mitigating Stored XSS Attacks with F5 Big-IP ASM: Insights Needed

Hello Everyone,   Could someone provide insights into how F5 Big-IP ASM handles stored XSS attacks?    My understanding is that ASM primarily focuses on inspecting and enforcing XSS signature set...
security
zamroni777's avatar
zamroni777
Icon for Nacreous rankNacreous

you use dvwa as example so i presume that it was not production environment.

if the situation happens in production, i suggest fix the root causes with the help of ASM log:
a. enable response filtering in ASM and enable log of it.
b. use the ASM log to help app developer pinpoint the root source in application DB and clean it.

Nishal_Rai's avatar
Nishal_Rai
Icon for Cirrocumulus rankCirrocumulus
Mar 06, 2024

Hi zamroni777 

Thanks for the idea and yes it is not in production environment. I am just trying to create hypothetical environment, where we somehow missed to address the stored XSS attack on the existing service and latter implemented f5 waf. 
And regarding the response logging filtering, if the f5 asm cannot detect the payload in the response via the available signature sets then those logs will not be (blocked/illegal) flagged depending on the security enforcement mode and we would end up in the same position of being unknown about the existing stored XSS attack in the service.