Forum Discussion

Nimbostratus

Jan 30, 2018

Asm doubt

What is the best practice ? Adding all parameters for application and removing the wildcard parameter from staging and keeping all in enforcement mode ? Or to keep a hybrid model, adding re...

Cirrocumulus

Feb 03, 2018

It depends on your application and its size. Generally speaking you want a tight policy which will ensure maximum protection against attacks. If staging is enabled many attacks will not be blocked! If your application is small-medium then yes, you should whitelist all parameters an enforce everything. This is provided your application never or rarely changes (e.g. OWA, Oracle appls etc). If you are protecting an "agile" application which changes weekly and maybe even daily then hybrid approach is needed

Forum Discussion

Asm doubt

Recent Discussions

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

ASM logs

ASM LOGS

File upload and ASM

File Uploads and ASM

From ASM to Advanced WAF: Advancing your Application Security