Amit585731
Mar 12, 2019Nimbostratus
anti-defacement
Hi,
We are comparing ASM with Fortiweb and Secure sphere and wanted to understand if ASM or AWAF can support anti defacement? I couldn't find any article on F5.
Thank You for help.
defacement attacks are usually executed by exploiting either Cross-Site Scripting (XSS) or Remote Code Execution (RCE) attacks - both can be detected and blocked by ASM. In other words - in order to deface a website the hackers first have to exploit a vulnerability hack into your web application / web server and replace the website contents in CMS or upload and change files on the webserver.
Fortiweb offering a specific anti-defacement services by monitoring the contents of the website - this is not really practical for many modern web applications as the website content changes all the time, however in ASM you can use Data Guard to monitor data leakage for specific keywords to achieve extra monitoring and blocking for defacement (provided hackers manage to break into your website protected by F5 ASM WAF)