Are there recommended F5 ASMAWAF attack signatures to apply by default for in addition to TOP10OWASP
Hello,
I have to deploy the ASM/AWAF module on a BIG-IP LTM equipment, for many web applications. I would like to know if there are attack signatures to apply by default on any web application, in addition to the TOP 10 OWASP (https://my.f5.com/manage/s/article/K45215395), please?
Thank you in advance.
Hi Suricate ,
If you run on TMOS v 15.1.x.x or later
the best way to harden your Policy against OWASP TOP 10 Attack is to rely on OWASP Compliance in AWAF policy
Navigate ( Security >>> overview >>> OWASP compliance )
and use this this Article as a guide for you : https://community.f5.com/t5/technical-articles/making-waf-simple-introducing-the-owasp-compliance-dashboard/ta-p/285969If you run on TMOS earlier than 15.1.x.x
There are much attack signatures to defend against OWASP , but you have to follow the Article that you have sent in your POST to mitigate each one on OWASP TOP 10.