Nokron
WAF F5
NokronGitLabELK stackWAF F5
WAF F5
NokronGitLabELK stackWAF F5
  • BIG-IP Application Security Manager
    • HTTP Protocol
      • Deep Dive to “HTTP Request” on ASM Module
      • ASM Example: Detecting a Malicious HTTP Request
    • Introduction to OWASP Top-10 Security Risks
    • Application Security Policy Templates in F5 ASM
      • Security Policy Levels
      • Explicit Entities Learning
      • Policy Modification
      • Gradual / Modular Blocking
      • Application Security Policy Lifecycle
      • Security Policy Enforcement Modes
      • Security Policy Violation Flags
      • How to Increase Learning Score / Deployment Speed
      • Comparison: Enforcement Mode, Learning Mode, and Violation Flags
    • Security Entities in Application Security Policy
      • Enforcement Readiness Summary
      • HTTP / HTTPS / WS / WSS URLs
      • Allowed Parameters in Security Policies
      • Allowed File Types in Security Policies
    • Tuning Security Policies: Analyzing and Categorizing Violations
      • Learning Suggestions in Security Policy Tuning
      • Policy Diff: Comparing and Auditing Security Policies
    • IP Address Exception Properties in ASM/AWAF
    • Cross-Site Request Forgery (CSRF) Protection in F5 ASM/AWAF
    • Sensitive Data Masking / Scrubbing (Data Guard) in F5 ASM/AWAF
    • Anti-virus Protection through an ICAP Server in F5 ASM/AWAF
    • Cookies in F5 ASM/AWAF Security
    • Session Tracking and Session Awareness in F5 ASM/AWAF
    • Evasion Technique Detection in F5 ASM/AWAF
    • Important Tips about Security Policy in F5 ASM/AWAF
    • L7 DDoS Attack Protection Configuration
    • TPS-based Attack Vectors and Stress-based Attack Vectors
    • Mitigation Techniques for DoS and Bot Protection
    • Important Tips about Events Logging
    • High-Speed Logging (HSL) Configuration
    • Web Threat Campaigns (v14.0+)
    • IP Intelligence (IPI) Subscription-Based License
    • Geo-IP Database Functionality
    • General Security Standards and WAF Support
    • ASM - Virtual Edition (VE) Tips
    • How to Bypass ASM Module
    • ASM Traffic Processing Daemon (bd)
    • ASM and AAM Integration
  • BIG-IP LTM Technology
    • Source IP Address and PORT Translation in BIG-IP
    • Packet Filters
    • Traffic / Service Profiles in BIG-IP
    • Virtual Servers and Their Behavior with Different Profiles in BIG-IP
      • Detailed Overview of Profiles in BIG-IP LTM
      • Optimizing for Mobile Clients in BIG-IP LTM
      • Connection Mirroring in BIG-IP LTM
      • AVR (Analytics) Profile in BIG-IP LTM
      • Health Monitoring in BIG-IP LTM
      • SSL Profile in BIG-IP LTM
      • Load-balancing Methods in BIG-IP LTM
      • Persistence Profile in BIG-IP
      • CMP vs. SMP in BIG-IP Systems
      • OneConnect Profile in BIG-IP
Powered by GitBook
On this page
  1. BIG-IP Application Security Manager
  2. Application Security Policy Templates in F5 ASM

Application Security Policy Lifecycle

The lifecycle of an Application Security Policy (ASP) consists of three distinct phases: Define, Tune, and Maintain. These phases guide the creation, adjustment, and ongoing management of security policies to protect web applications effectively.

Phase 1: Define, Modify, and Apply Policy

  • Purpose: To create and apply the initial security policy tailored to the application's requirements.

  • Key Steps:

    1. Create a Policy:

      • Use a suitable template (Fundamental, Enhanced, Comprehensive, etc.).

      • Select the most appropriate Policy-Building Mode (Automatic, Manual, or Hybrid).

    2. Policy Options:

      • Decide whether to automate the learning process.

      • Define key components like allowed file types, HTTP methods, parameters, etc.

    3. Apply Policy:

      • Deploy the security policy to begin protecting the web application.

  • Outcome:

    • The application is shielded by a baseline policy tailored to expected traffic and use cases.

Phase 2: Tune Policy

  • Purpose: To refine and mature the security policy over time, ensuring it becomes stricter without causing false positives.

  • Key Steps:

    1. Observation and Learning:

      • Analyze traffic patterns and violations logged by the system.

      • Accept legitimate application elements (e.g., file types, parameters, HTTP methods).

    2. Enforce Policy:

      • Gradually enforce components of the policy that have not triggered any violations.

      • Remove wildcards and replace them with explicit entities for stricter control.

    3. Iterative Improvement:

      • Fine-tune the policy by resolving false positives and addressing security gaps.

  • Outcome:

    • A mature and stricter security policy aligned with the application's actual behavior and needs.

Phase 3: Maintain Policy

  • Purpose: To ensure the security policy evolves with application changes and emerging threats.

  • Key Steps:

    1. Monitor and Review:

      • Regularly review logs and reports to identify suspicious activity or traffic anomalies.

    2. Adapt Policy:

      • Adjust the policy to reflect changes in the application, such as new endpoints or features.

      • Update attack signatures and security rules to address new vulnerabilities.

    3. Keep the Policy Accurate:

      • Ensure the policy remains relevant by removing outdated rules and incorporating new ones.

  • Outcome:

    • A dynamic, up-to-date policy that effectively protects the application while minimizing administrative overhead.

Lifecycle Summary

Phase

Description

Key Actions

Goal

Define

Create and deploy the initial policy.

Select templates, enable learning, define security components

Establish a baseline security posture.

Tune

Refine the policy to improve effectiveness.

Analyze traffic, enforce stable elements, address false positives

Mature the policy to match application behavior.

Maintain

Continuously update the policy to stay relevant.

Monitor traffic, adapt to changes, update attack signatures

Keep the policy aligned with application needs.

This lifecycle ensures that the Application Security Policy remains robust, efficient, and adaptable, safeguarding applications against evolving threats while maintaining usability.

PreviousGradual / Modular BlockingNextSecurity Policy Enforcement Modes

Last updated 3 months ago