cancel
Showing results for 
Search instead for 
Did you mean: 

ASM Attack Signature Sets

Seckin
Cirrus
Cirrus

Hello everyone, Do you have any recommendation which attach signatures set should be added to the policy as a best practice? I mean except it has been added by Server Technologies. For example, do i need to add SQL injection signature set to the policy in order to prevent those types of attack?

1 ACCEPTED SOLUTION

Erik_Novak
F5 Employee
F5 Employee

If your application relies on a back-end SQL DB then yes, you should add the SQL Injection signature sets to secure it. It sounds like Server Technologies are being automatically detected and added your policy. That's good because all you really need are the attack signatures for the OS, web server, application framework, and database which match your environment. This means you won't have to manage violations triggered by attack signatures which are not related to your infrastructure. Make sense?

View solution in original post

4 REPLIES 4

Erik_Novak
F5 Employee
F5 Employee

If your application relies on a back-end SQL DB then yes, you should add the SQL Injection signature sets to secure it. It sounds like Server Technologies are being automatically detected and added your policy. That's good because all you really need are the attack signatures for the OS, web server, application framework, and database which match your environment. This means you won't have to manage violations triggered by attack signatures which are not related to your infrastructure. Make sense?

Thanks Erik! Yes Server technologies are automatically added to the policy with some signature sets as you know. By default, Generic Attach Signatures are already added and prevent some set of attacks such sql injection but also there is another set of signatures on the Change button and SQL Injection Signatures. Question is that, do i need to add these signatures to the policy, because default added generic attack signatures already blocked those types of attacks as i know.

As Erik is saying better talk with you dev and server teams about what is the database, what is the operational system on server, what programming languages are used as such things need to be asked.

Thanks 🙂