F5 ASM WAF: Start from Beginner to Advanced

What is a WAF?

A WAF is a web application firewall, which protects web applications against application-layer attacks. Some examples:

  1. SQL Injection (SQLi): SQL injection attacks involve injecting malicious SQL code into input fields or other areas of a web application where user input is accepted. WAFs can detect and block such attempts to manipulate a database through crafted SQL queries.
  2. Cross-Site Scripting (XSS): XSS attacks involve injecting malicious scripts into web pages that are then executed by a user’s browser. WAFs can detect and prevent XSS by filtering and sanitizing input data to ensure that malicious scripts are not executed.
  3. Cross-Site Request Forgery (CSRF): CSRF attacks trick users into performing unintended actions on a web application in which they are authenticated. WAFs can help prevent CSRF attacks by validating and verifying the origin of requests.
  4. Distributed Denial of Service (DDoS): DDoS attacks attempt to overwhelm a web application or server with a large volume of traffic, making it unavailable to legitimate users. WAFs can mitigate the impact of DDoS attacks by filtering and managing incoming traffic.
  5. File Inclusion Attacks: File inclusion vulnerabilities can be exploited to include malicious files or scripts into a web application. WAFs can detect and block attempts to exploit such vulnerabilities.
  6. Security Misconfigurations: WAFs can help identify and prevent common security misconfigurations in web applications, such as exposed sensitive information, default credentials, and unnecessary services.
  7. Brute Force Attacks: WAFs can protect against brute force attacks by monitoring and limiting the number of login attempts, making it more difficult for attackers to guess passwords.
  8. Command Injection: Command injection attacks involve injecting malicious commands into input fields to execute arbitrary commands on the server. WAFs can detect and block such attempts to prevent unauthorized command execution.
  9. Protocol Violations and Anomalies: WAFs can analyze incoming traffic for protocol violations and anomalies, helping to identify and block potentially malicious behavior.

What is F5 ASM?

The Basics

  • The BIG-IP ASM is a Layer 7 ICSA-certified Web Application Firewall (WAF) that provides application security in traditional, virtual, and private cloud environments.

  • It is built on TMOS…the universal product platform shared by all F5 BIG-IP products.
  • It can run on any of the F5 Application Delivery Platforms…BIG-IP Virtual Edition, BIG-IP 2000 -> 11050, and all the VIPRION blades.
  • It protects your applications from a myriad of network attacks, including the OWASP Top 10 most critical web application security risks.
  • It is able to adapt to constantly changing applications in very dynamic network environments.
  • It can run standalone or integrated with other modules like BIG-IP LTM, BIG-IP DNS, BIG-IP APM, etc.

Why A Layer 7 Firewall?

Traditional network firewalls (Layer 3–4) do a great job preventing outsiders from accessing internal networks. But, these firewalls offer little to no support in the protection of application layer traffic. As David Holmes points out in his article series on F5 firewalls, threat vectors today are being introduced at all layers of the network. For example, the Slowloris and HTTP Flood attacks are Layer 7 attacks…a traditional network firewall would never stop these attacks. But, nonetheless, your application would still go down if/when it gets hit by one of these. So, it’s important to defend your network with more than just a traditional Layer 3–4 firewall. That’s where the ASM comes in…

Some Key Features

The ASM comes pre-loaded with over 2,200 attack signatures. These signatures form the foundation for the intelligence used to allow or block network traffic. If these 2,200+ signatures don’t quite do the job for you, never fear…you can also build your own user-defined signatures. And, as we all know, network threats are always changing so the ASM is configured to download updated attack signatures on a regular basis.

Also, the ASM offers several different policy building features. Policy building can be difficult and time consuming, especially for sites that have a large number of pages. For example, DevCentral has over 55,000 pages…who wants to hand-write the policy for that?!? No one has that kind of time. Instead, you can let the system automatically build your policy based on what it learns from your application traffic, you can manually build a policy based on what you know about your traffic, or you can use external security scanning tools (WhiteHat Sentinel, QualysGuard, IBM AppScan, Cenzic Hailstorm, etc) to build your policy. In addition, the ASM comes configured with pre-built policies for several popular applications (SharePoint, Exchange, Oracle Portal, Oracle Application, Lotus Domino, etc).

Did you know? The BIG-IP ASM was the first WAF to integrate with a scanner. WhiteHat approached all the WAFs and asked about the concept of building security policy around known vulnerabilities in the apps. All the other WAFs said “no”…F5 said “of course!” and thus began the first WAF-scanner integration.

The ASM also utilizes Geolocation and IP address intelligence to allow for more sophisticated and targeted defense measures. You can allow/block users from specific locations around the world, and you can block IP addresses that have built a bad reputation on other sites around the Internet. If they were doing bad things on some other site, why let them access yours?

The ASM is also built for Payment Card Industry Data Security Standard (PCI DSS) compliance. In fact, you can generate a real-time PCI compliance report at the click of a button! The ASM also comes loaded with the DataGuard feature that automatically blocks sensitive data (Credit Card numbers, SSN, etc) from being displayed in a browser.

In addition to the PCI reports, you can generate on-demand charts and graphs that show just about every detail of traffic statistics that you need. The following screenshot is a representative sample of some real traffic that I pulled off a site that uses the ASM. Pretty powerful stuff!

The next post will be coming soon. If interested, you can visit our website, https://techclick.in, for more content.
