Forum Discussion

Nuruddin_Ahmed_
Mar 01, 2016

How can I make sure that all OWASP-related vulnerabilities are being blocked by our ASM policy?


4 Replies

    • Nuruddin_Ahmed_
      Thank you Vijith, but OWASP is the industry standard for application security. F5 should consider this; maybe they should design it in such a way that when you select the server/application parameters (like Windows, IIS, Oracle, ASP...) it should automatically form a signature bundle for the OWASP Top 10 vulnerabilities.
    • Vijith_182946
      Hi Nuruddin, it all depends on how you implement your policy. F5 has covered all the OWASP vulnerabilities in the signatures, but you might need to tune your policy in the way of the negative security approach. But I would say you need to be in the middle of the positive and negative security models - an applied security model. Both models have their good and bad, but it depends on your organisational standards etc.
  • nathe

    Nuruddin, F5 has just released an ASM Operations Guide which does have a section on OWASP. Check out this link: ASM Operations Guide

    ASM has all OWASP mitigations covered; it's just not as straightforward as selecting the backend server technologies.

    Hope this helps,

    N