ASM CSRF protection- how this works and effectiveness

Question

Hi, I am trying to figure out how effective CSRF protection in ASM? How ASM effectively blocks the CSRF? I know this is by using anti-CSRF token but could you enlighten me with some more details?&nbsp;
Another question, my client has already implemented anti-csrf token in the application level now he is asking what advantage ASM provides? yes, there could be coding errors but apart from that what else?
I read that ASM injects some scripts which may cause some issue. please share your expertise..cheers&nbsp;

nathe · Answer

At a high level it injects a Javascript token into the response. See Overview of the ASM CSRF protection feature for more details.&nbsp;
For this reason it may not always be compatible with you web application and so i would strongly suggest a DEV or UAT environment first. If the web app itself can be configured to use CSRF protection then that's probably the best place for it as it should integrate better. That being said if a web app doesn't allow this feature then using ASM is fairly simple and straightforward to setup.&nbsp;
Hope this helps,&nbsp;
N&nbsp;

Forum Discussion

ASM CSRF protection- how this works and effectiveness

1 Reply

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

Related Content

Beyond REST: Protecting GraphQL

L7 DoS Protection with NGINX App Protect DoS

Managing NGINX App Protect WAF for Beginners

F5 Distributed Cloud Bot Defense Protecting AWS CloudFront Distributions

Cookie-based DDoS protection