Forum Discussion
samstep
Jan 12, 2019Cirrocumulus
First of all - how do you think the hackers are going to inject a malicious script into the responses of the Server (which is behind F5 WAF)? Most attacks happen over the web using Cross-Site-Scripting attack (XSS) or SQL injection attack (SQLi). F5 ASM as a WAF can identify and block the malicious script injection attempt as it will be a Request.
There are ways to inject malicious scripts using man-in-the-browser/client-side malware or 3rd-party JavaScript already included in server responses being compromised. In such cases F5 WebSafe module can help.