F5 BIG-IP ASM - Parameter Tampering Attacks



Cookie tampering, HTTP header tampering and parameter tampering attacks can’t be blocked by traditional firewalls. Instead, we should deploy a Web Application Firewall (WAF), where we can configure a Positive Security Policy that lists the allowed file types, URLs and parameters. If we configure the security policy with learning set to Add All Entities, we’ll have granular protection of entities and much stronger security, but the maintenance effort will be high. It’s up to you what level of protection you need.

I would like to show how we can configure a policy for Protecting Static Parameters. It’s important to highlight that security engineers will have to work along with developers to understand the web application logic, because it is necessary to know the number of parameters, the type of each parameter and their values as well. In the next video we can see that the “payment” parameter is static and has four static values; when the “payment” value is not one of the configured values, the request is blocked.


I would also like to show how we can configure a policy for Protecting Dynamic Parameters. It’s similar to protecting static parameters, but dynamic means we don’t know the value in advance. Therefore, we have to define dynamic parameter extraction properties, which depend on how the web application handles parameter name/value pairs. For instance, we can configure extractions that search in links, in response bodies, in entire forms, within forms or even in XML files. In the next video we can see that the “nick” parameter is dynamic and is extracted from “index.php” by searching the entire form.
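
The two checks described above, the static “payment” allow-list and the dynamic “nick” extraction from the forms of “index.php”, modelled as an added Python example. It is not F5's implementation or ASM configuration syntax, and the four payment values, the session ids, the class names and the sample form are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl

# Constructed policy: the page names the parameters, the values here are made up.
STATIC_PARAMS = {"payment": {"visa", "mastercard", "paypal", "transfer"}}
DYNAMIC_PARAMS = {"nick": "/index.php"}  # parameter -> URL whose forms are searched


class FormValueExtractor(HTMLParser):
    """Collect the values the server set for tracked <input> fields inside forms."""
    def __init__(self, tracked):
        super().__init__()
        self.tracked, self.in_form, self.found = tracked, False, {}

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.in_form = True
        elif tag == "input" and self.in_form and attrs.get("name") in self.tracked:
            self.found.setdefault(attrs["name"], set()).add(attrs.get("value") or "")

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False


class ParameterPolicy:
    def __init__(self):
        self.issued = {}  # session id -> {parameter: values the server sent}

    def learn_response(self, session, url, body):
        tracked = {p for p, src in DYNAMIC_PARAMS.items() if src == url}
        extractor = FormValueExtractor(tracked)
        extractor.feed(body)
        for name, values in extractor.found.items():
            self.issued.setdefault(session, {}).setdefault(name, set()).update(values)

    def check_request(self, session, query):
        """Return the violations for one request; an empty list means allow."""
        violations = []
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name in STATIC_PARAMS and value not in STATIC_PARAMS[name]:
                violations.append(f"illegal static value: {name}")
            if name in DYNAMIC_PARAMS and value not in self.issued.get(session, {}).get(name, ()):
                violations.append(f"illegal dynamic value: {name}")
        return violations

# Constructed response body for /index.php, with "nick" set by the server.
SAMPLE_FORM = '<form action="/buy.php"><input type="hidden" name="nick" value="alice"></form>'
```

The dynamic check is per session: a value issued to one session is not accepted from another, and a request that arrives before any response was seen for that session fails the check.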


Regards, my friends, and drop me a line if you want to configure advanced parameter handling in your security policy.
