Nokron
WAF F5
NokronGitLabELK stackWAF F5
WAF F5
NokronGitLabELK stackWAF F5
  • BIG-IP Application Security Manager
    • HTTP Protocol
      • Deep Dive to “HTTP Request” on ASM Module
      • ASM Example: Detecting a Malicious HTTP Request
    • Introduction to OWASP Top-10 Security Risks
    • Application Security Policy Templates in F5 ASM
      • Security Policy Levels
      • Explicit Entities Learning
      • Policy Modification
      • Gradual / Modular Blocking
      • Application Security Policy Lifecycle
      • Security Policy Enforcement Modes
      • Security Policy Violation Flags
      • How to Increase Learning Score / Deployment Speed
      • Comparison: Enforcement Mode, Learning Mode, and Violation Flags
    • Security Entities in Application Security Policy
      • Enforcement Readiness Summary
      • HTTP / HTTPS / WS / WSS URLs
      • Allowed Parameters in Security Policies
      • Allowed File Types in Security Policies
    • Tuning Security Policies: Analyzing and Categorizing Violations
      • Learning Suggestions in Security Policy Tuning
      • Policy Diff: Comparing and Auditing Security Policies
    • IP Address Exception Properties in ASM/AWAF
    • Cross-Site Request Forgery (CSRF) Protection in F5 ASM/AWAF
    • Sensitive Data Masking / Scrubbing (Data Guard) in F5 ASM/AWAF
    • Anti-virus Protection through an ICAP Server in F5 ASM/AWAF
    • Cookies in F5 ASM/AWAF Security
    • Session Tracking and Session Awareness in F5 ASM/AWAF
    • Evasion Technique Detection in F5 ASM/AWAF
    • Important Tips about Security Policy in F5 ASM/AWAF
    • L7 DDoS Attack Protection Configuration
    • TPS-based Attack Vectors and Stress-based Attack Vectors
    • Mitigation Techniques for DoS and Bot Protection
    • Important Tips about Events Logging
    • High-Speed Logging (HSL) Configuration
    • Web Threat Campaigns (v14.0+)
    • IP Intelligence (IPI) Subscription-Based License
    • Geo-IP Database Functionality
    • General Security Standards and WAF Support
    • ASM - Virtual Edition (VE) Tips
    • How to Bypass ASM Module
    • ASM Traffic Processing Daemon (bd)
    • ASM and AAM Integration
  • BIG-IP LTM Technology
    • Source IP Address and PORT Translation in BIG-IP
    • Packet Filters
    • Traffic / Service Profiles in BIG-IP
    • Virtual Servers and Their Behavior with Different Profiles in BIG-IP
      • Detailed Overview of Profiles in BIG-IP LTM
      • Optimizing for Mobile Clients in BIG-IP LTM
      • Connection Mirroring in BIG-IP LTM
      • AVR (Analytics) Profile in BIG-IP LTM
      • Health Monitoring in BIG-IP LTM
      • SSL Profile in BIG-IP LTM
      • Load-balancing Methods in BIG-IP LTM
      • Persistence Profile in BIG-IP
      • CMP vs. SMP in BIG-IP Systems
      • OneConnect Profile in BIG-IP
Powered by GitBook
On this page
  1. BIG-IP Application Security Manager

Application Security Policy Templates in F5 ASM

F5 ASM provides various methods to create and configure security policies tailored to different application types, traffic patterns, and security needs. Here's a breakdown of the approaches mentioned:

1. Create a Security Policy Automatically

  • Options: Fundamental, Enhanced, Comprehensive.

  • How It Works:

    • The Real Traffic Policy Builder automatically creates a security policy by analyzing live application traffic.

    • It evaluates:

      • Patterns in requests.

      • User behavior.

      • The structure and intended behavior of the application.

    • Timeframe: This process may take several days depending on:

      • The number of requests sent.

      • The complexity and size of the website.

  • Limitations:

    • This method offers limited ability to fine-tune the resulting policies.

    • It’s intended for quick deployment without requiring detailed manual intervention.

2. Create a Security Policy Manually

  • Methods:

    • Rapid Deployment Policy (RDP):

      • A simplified, manual setup method designed for faster implementation.

      • Focuses on immediate protection while allowing manual adjustments over time.

    • Pre-defined Templates:

      • Application-ready security policies tailored for specific platforms or applications (e.g., SharePoint, WordPress).

      • Templates are pre-configured with baseline rules and require less manual setup.

  • Advantages:

    • Provides granular control for administrators to fine-tune the policy to the application’s needs.

    • Ideal for experienced users who need precise configurations.

3. Create a Security Policy for API-Based Applications

  • Focus: Protection for APIs, including REST APIs and GraphQL.

  • How It Works:

    • The system uses predefined configurations to create a security policy tailored to API behavior.

    • Protects against common API-specific threats such as:

      • Injection attacks.

      • Parameter tampering.

      • Schema or query violations (e.g., in GraphQL).

    • Additional Features:

      • Offers learning suggestions to refine security policies further.

      • Supports protection for XML/Web Services by validating schema, content types, and behaviors.

4. Create a Security Policy Using 3rd Party Vulnerability Assessment Tool Output

  • Purpose:

    • Integrates results from external vulnerability scanning tools to build a targeted security policy.

  • Supported Tools:

    • Examples include:

      • WhiteHat Sentinel

      • IBM Rational AppScan

      • Cenzic Hailstorm

      • QualysGuard

      • HP WebInspect

  • How It Works:

    • The vulnerability scanner identifies weaknesses in the application.

    • The output is imported into ASM, which automatically adjusts the security policy to mitigate identified risks.

  • Advantages:

    • Addresses known vulnerabilities effectively.

    • Ensures that policies are directly aligned with the specific risks present in the application.

Comparison of the Methods

Method

Automation Level

Fine-Tuning Options

Use Case

Automatic (Real Traffic Policy)

High

Limited

Quick protection with minimal intervention.

Manual (RDP or Templates)

Medium

High

Granular control and tailored configurations.

API-Based Applications

Medium

High

API-specific threats and schema validation.

3rd Party Vulnerability Tool

High

Moderate (based on output)

Targeted mitigation of known vulnerabilities.

PreviousIntroduction to OWASP Top-10 Security RisksNextSecurity Policy Levels

Last updated 3 months ago