
Are there recommended F5 ASM/AWAF attack signatures to apply by default in addition to TOP 10 OWASP?

Suricate
Altocumulus

Hello,

I have to deploy the ASM/AWAF module on a BIG-IP LTM equipment, for many web applications. I would like to know if there are attack signatures to apply by default on any web application, in addition to the TOP 10 OWASP (https://my.f5.com/manage/s/article/K45215395), please?

Thank you in advance.

1 ACCEPTED SOLUTION

Hi @Suricate,
If you run on TMOS v 15.1.x.x or later

the best way to harden your policy against OWASP Top 10 attacks is to rely on OWASP Compliance in the AWAF policy.
Navigate to (Security >>> Overview >>> OWASP Compliance)
and use this article as a guide: https://community.f5.com/t5/technical-articles/making-waf-simple-introducing-the-owasp-compliance-da...

If you run on TMOS earlier than 15.1.x.x

There are many attack signatures to defend against OWASP, but you have to follow the article that you sent in your post to mitigate each one in the OWASP Top 10.

_______________________
Regards
Mohamed Kansoh


3 REPLIES

whisperer
Cumulonimbus

You want separate ASM profiles/policies for each application to tweak individually. Within the profiles/policies you set the web server and any other web technologies in use like scripting language. This then specifically reduces the signature set to what is valid for the application.

 


Thank you very much for your answer. "OWASP Compliance in AWAF policy" will be very helpful and useful.