Forum Discussion
4 Replies
- Vijith_182946 Cirrostratus
Hi Nuruddin, I think there is no better explanation than the one at this link. Very good article from Josh Michaels, though this is based on the old OWASP Top 10; need to make changes according to the new one: https://devcentral.f5.com/articles/f5-security-on-owasp-top-10
Cheers, Vijith
- Nuruddin_Ahmed_ Cirrostratus
Thank you Vijith, but OWASP is the industry standard for application security. F5 should consider this; maybe they should design it in such a way that when you select the server/application parameters (like Windows, IIS, Oracle, ASP...) it automatically forms a signature bundle for the OWASP Top 10 vulnerabilities.
- Vijith_182946 Cirrostratus
Hi Nuruddin, it all depends on how you implement your policy. F5 has covered all the OWASP vulnerabilities in the signatures, but you might need to tune your policy in the way of the negative security approach. But I would say you need to be in the middle of the positive and negative security models - an applied security model. Both models have good and bad, but it depends on your organisational standard etc.
- nathe Cirrocumulus
Nuruddin, F5 has just released an ASM Operations Guide which does have a section on OWASP. Check out this link: ASM Operations Guide
ASM has all OWASP mitigations covered; it's just not as straightforward as selecting the backend server technologies.
Hope this helps,
N