strongarm_46960
Mar 08, 2008Nimbostratus
ASM OWASP Top Ten Protection
When the The negative security model implemented on f5, by picking or ticking negative security model within the Enforcement screen of the ASM, I expect it to protect against the OWASP Top Ten vulnerabilities or WebAppSec Threats.
However, this only happens when additional rules from the vast rules supplied are added inorder to create a negative security, the problem is if all the rules are selected then all users request gets blocks.
How goes one know the bases of rules to start from to defend against at least OWASP Top Ten . Since 'the negative security model' (Labelled tab) rules given by F5 ASM simply isn't adequate.
Can you please tell me which of the rules I need to tick or pick in order to have protection against the OWASP Top Ten vulnerabilities. Since it clear that the negative security policy on F5 does not offer this.
Many Thanks