Forum Discussion

strongarm_46960's avatar
strongarm_46960
Icon for Nimbostratus rankNimbostratus
Mar 08, 2008

ASM OWASP Top Ten Protection

When the The negative security model implemented on f5, by picking or ticking negative security model within the Enforcement screen of the ASM, I expect it to protect against the OWASP Top Ten vulnerabilities or WebAppSec Threats.

 

 

However, this only happens when additional rules from the vast rules supplied are added inorder to create a negative security, the problem is if all the rules are selected then all users request gets blocks.

 

 

How goes one know the bases of rules to start from to defend against at least OWASP Top Ten . Since 'the negative security model' (Labelled tab) rules given by F5 ASM simply isn't adequate.

 

 

Can you please tell me which of the rules I need to tick or pick in order to have protection against the OWASP Top Ten vulnerabilities. Since it clear that the negative security policy on F5 does not offer this.

 

 

Many Thanks

4 Replies

  • Hi,

     

     

    I'm not sure this is the best place for this.

     

     

    This forum is for iRules but it has nothing to do with the negative security implemented within ASM.

     

     

    Negative security of ASM is a bundle of regexp to block attacked nothing related to iRules development.

     

     

    Maybe you should try to contact your F5 reseller to order some consultancy or advices on this subject.

     

     

    Or you may open a support case to ask from support which signature in the ASM bundle blocked the top ten attacked specified by OWASP.

     

     

    Maybe someone here will be able to help you anyway

     

     

  • I have tried to answer my own question by doing more research, however, don't think there is one in the Negative security realm on the F5 ASM, my impression is that ASM is more focused on Positive security than Negative, the result I see under the ASM are too generic for Negative security deployment within my firm.

     

     

    Incidentally does anyone know how long the ASM has been around. When will the next release happen.
  • I think the ASM should have a dedicated forum aswell. be nice to talk about all those signatures, or perhaps re-writing more signature just as you do in irules.
  • jquadri, there has been a new rapid deployment security policy built into ASM v9.4.4 that has helped with our implementations of ASM. It is definately worth checking out.

     

     

    it looks like it is covered in this document here:

     

    https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm_config_guide_944.html?sr=526134

     

     

    good luck!

     

     

    Blurred