Forum Discussion

abumo_1124
Oct 20, 2010

critical severity violations

We have just created our first web application ASM security policy. The policy was set up by the F5 admin, who considers it suitable for the web application. My job is a kind of audit of this policy. I have reviewed all the violations that were set up: all the violations that have critical severity are blocked, however some error and warning violations are neither blocked nor alarmed, such as (illegal entry point). My big concern with this application is that it has sensitive data. Violations that cause buffer overflows are not as important to us as the ones that cause information theft. The question now is: are violations that have critical severity enough to protect the web application?

I appreciate your reply.

1 Reply

  • Hi Abumo,

    I wouldn't consider it a best practice to enable and configure every violation type that ASM can perform for every application. Ideally, the policy should be tuned to the application. For example, if the application performs proper session enforcement, there isn't a need to track that every request a client makes has gone through a successful authentication attempt. I would speak with the person that built the policy and possibly the people that built or administer the application to get a better understanding of what the application's security requirements are and why the policy was set up as it was.

    Aaron