Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or
affiliation, express or implied, claimed by F5.
These training materials and documentation are F5 Confidential Information and are subject to the F5 Networks Reseller Agreement. You
may not share these training materials and documentation with any third party without the express written permission of F5.
The F5 vLab (virtual lab environment) is an F5-community supported tool. Please DO NOT contact F5 Support for assistance with the vLab.
For help with the setup of the vLab or running a demonstration, you should contact your F5 Channel Account Manager (CAM).
Part 1 Preparing the BIG-IP Demo Environment
NOTE: If you use the Configuration Utility to restore the archive file it may damage an updated
license.
On the Windows_7_External desktop, use a web browser to access and log in to https://10.1.1.245.
Open the System > Resource Provisioning page and set the following, and then click Submit.
o Leave Local Traffic (LTM) set to Nominal
o Set Application Security (ASM) to Nominal
Create a monitor using the following information, and then click Finished.
Name dvwa_monitor
Type HTTP
Send String GET /login.php\r\n
Receive String RandomStorm
Create a pool using the following information, and then click Finished.
Name dvwa_pool
Health Monitor dvwa_monitor
Member Address 10.1.20.17
Member Service Port 80
Create a new virtual server using the following information, and then click Finished.
Name dvwa_virtual
Destination Address 10.1.10.35:443
HTTP Profile http
SSL Profile (Client) f5demo_client_ssl
Source Address Translation Auto Map
Default Pool dvwa_pool
WWFE vLab Guides Demo: Using ASM for Web Vulnerabilities; v12.0.0.01 Page | 3
NOTE: If you are unable to access this host name, complete Exercise 2, Task 8 in the vLab Setup
Guide.
Command Execution
On the navigation menu, click Command Execution.
Type 10.1.20.50 into the field and then click submit.
The purpose of this feature is simply to ping a hostname or IP address. Used this way, the request is
legitimate and not a threat to the web application.
Type 10.1.20.50; cat /etc/passwd into the field and then click submit.
You have exposed the contents of the passwd file on this web server. The application pastes the field
value into a shell command line, and the shell treats the semicolon as a command separator, so the cat
command runs after the ping with the web server's privileges; any file the web server can read can be
retrieved the same way. The goal of command execution (command injection) attacks is to run
arbitrary commands on the target host operating system.
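The vulnerable pattern behind this page, and its fix, as an added example that is not DVWA's PHP or any F5 code. It mirrors DVWA's low-security handler in Python: the vulnerable function concatenates the field value into a shell command line (returned rather than executed, so the block runs offline), while the hardened version accepts only an IP address or an RFC 1123 hostname and hands ping an argument list with no shell involved. The two sample inputs are the values typed above; the hostname regex is my own.

```python
import ipaddress
import re

# The two values typed into the DVWA Command Execution field above.
LEGIT_TARGET = "10.1.20.50"
INJECTED_TARGET = "10.1.20.50; cat /etc/passwd"

# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens,
# no label starting or ending with a hyphen, at most 253 characters in all.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def vulnerable_command(target: str) -> str:
    """The DVWA low-security pattern: the raw field value is concatenated into
    a command line that is then handed to a shell. Returned here instead of
    executed; a shell would treat ';' as a command separator and run the
    attacker's second command with the web server's privileges."""
    return "ping -c 3 " + target


def validate_target(target: str) -> str:
    """Allow-list validation: return the target if it is an IPv4/IPv6 address
    or a syntactically valid hostname, otherwise raise ValueError."""
    value = target.strip()
    try:
        ipaddress.ip_address(value)
        return value
    except ValueError:
        pass
    if _HOSTNAME_RE.match(value):
        return value
    raise ValueError(f"rejected ping target: {target!r}")


def is_safe_target(target: str) -> bool:
    try:
        validate_target(target)
        return True
    except ValueError:
        return False


def safe_ping_argv(target: str) -> list:
    """Hardened form: the validated target is one argv element and no shell is
    involved (run it with subprocess.run(argv, shell=False)). The '--' is
    defence in depth so a value beginning with '-' can never be parsed by
    ping as an option."""
    return ["ping", "-c", "3", "--", validate_target(target)]


if __name__ == "__main__":
    print(vulnerable_command(INJECTED_TARGET))
    print(safe_ping_argv(LEGIT_TARGET))
    print(is_safe_target(INJECTED_TARGET))
```

The point of the argv list is that there is no shell to interpret the semicolon at all; the allow-list validation is what turns the injected value into a rejected request rather than a ping of a strange hostname.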
SQL Injection
On the navigation menu, click SQL Injection.
Type 1 into the field, and then click Submit.
The purpose of this feature is to print the ID, first name, and surname of the submitted user ID. This is
the expected behavior of this feature.
In the User ID field copy and paste the following, and then click Submit:
%' or 1='1
You are presented with all of the users in the database.
In the User ID field copy and paste the following, and then click Submit:
%' or 1=1 union select null, database () #
The final record displays the database name (dvwa).
In the User ID field copy and paste the following, and then click Submit:
%' or 1=1 union select null, table_name from information_schema.tables #
Every record after Bob Smith displays the name of a table from this database server.
In the User ID field copy and paste the following, and then click Submit:
%' or 1=1 union select null, concat ( 0x0a, user_id, 0x0a, first_name, 0x0a, last_name, 0x0a, user, 0x0a, password) from users #
Every record after Bob Smith displays the user ID, first name, last name, user name, and password
(in a hash format) of a different user in the users table. A successful SQL injection exploit can read
sensitive data from the application database, modify database data, or even delete data or the entire
database.
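The same injection worked through end to end, as an added example that is not DVWA's PHP or any F5 code. It uses an in-memory SQLite table in the shape of DVWA's users table with made-up rows, reproduces the low-security query that pastes the User ID value into the SQL text, and contrasts it with a parameterised query. The page's payloads are MySQL-flavoured: # ends a comment, concat() joins columns, and MySQL coerces 1='1' to true. SQLite, used here so the block runs offline, needs -- for the comment and || for concatenation, and compares 1='1' strictly as integer against text (false), so the tautology below is written 1=1.

```python
import sqlite3

# Constructed rows in the shape of DVWA's users table; the password column
# holds placeholder strings, not real hashes.
USERS = [
    (1, "admin", "admin", "admin", "hash-1"),
    (2, "Gordon", "Brown", "gordonb", "hash-2"),
    (3, "Hack", "Me", "1337", "hash-3"),
    (4, "Pablo", "Picasso", "pablo", "hash-4"),
    (5, "Bob", "Smith", "smithy", "hash-5"),
]

# SQLite spellings of the page's payloads (see the note above the block).
TAUTOLOGY = "%' or 1=1 --"
UNION_DUMP = "%' or 1=1 union select null, user || ':' || password from users --"


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER, first_name TEXT, "
        "last_name TEXT, user TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", USERS)
    return conn


def lookup_vulnerable(conn, user_id: str) -> list:
    """DVWA low-security pattern: the field value becomes part of the SQL
    text, so a quote in it ends the literal and the rest is parsed as SQL."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = '%s'" % user_id
    return conn.execute(sql).fetchall()


def lookup_safe(conn, user_id: str) -> list:
    """Parameterised query: the value is bound separately from the SQL text,
    so quotes and keywords inside it are data, never syntax."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(sql, (user_id,)).fetchall()


def injected_rows(rows: list) -> list:
    """Rows whose first column is NULL come from the attacker's UNION branch;
    the second column carries whatever the attacker selected (user:password)."""
    return [second for first, second in rows if first is None]


if __name__ == "__main__":
    db = setup_db()
    print(lookup_vulnerable(db, "2"))                         # the intended single row
    print(lookup_vulnerable(db, TAUTOLOGY))                   # every user
    print(injected_rows(lookup_vulnerable(db, UNION_DUMP)))   # credentials
    print(lookup_safe(db, UNION_DUMP))                        # []: treated as a literal id
```

The UNION branch works only because the original query returns exactly two columns, which is why the page's payloads all start with null as the first selected column.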
Cross-Site Scripting
On the navigation menu, click XSS reflected.
In the field, type your first name and click Submit.
This feature simply echoes whatever we type back into the web page response.
Copy and paste the following in the field, and then click Submit.
Credit card number: 4111-1111-1111-1111.
Credit card numbers are being sent in cleartext in the HTTP response. This is known as data leakage.
Copy and paste the following in the field, and then click Submit.
<script>alert("Your system is infected! Call 999-888-7777 for help.")</script>
The value in the field is JavaScript code. Because the page writes it into the response without
encoding it, the browser executes it and the user is presented with an alert dialog box. On this reflected
page nothing is stored: the script runs for any user who follows a link or submits a form carrying the
payload. In the stored variant (DVWA's XSS stored page, a comments form) the input is written to the
application database and replayed to every user who later opens the page. Either way, an attacker can
inject anything that JavaScript can do.
Copy and paste the following in the field, and then click Submit.
<script>window.location="http://www.hackthissite.org"</script>
This script redirects the user to a completely different web site. Cross-site scripting is a powerful
exploit because the attacker's JavaScript runs in the victim's browser within the application's own
origin, so it can act as the user, alter the page, or send the user elsewhere. With the stored variant,
every legitimate user who opens a page that renders the poisoned database record is exposed to the
malicious content.
Forceful Browsing
Change the URL to https://dvwa.vlab.f5demo.com/private.txt.
Change the URL to https://dvwa.vlab.f5demo.com/calc.exe, and then run this application file.
These are examples of files that are not accessible through links, but are in fact present within the
web server directory. A forceful browsing attack aims to access resources that are not referenced by
the web application, but are still accessible.
Close the browser.
In the Configuration Utility, open the Security > Application Security > Security Policies > Active Policies
page, and then click Create.
Leave the Existing Virtual Server option selected and click Next.
On the Configure Local Traffic Settings page:
o In the protocol list, select HTTPS.
o In the HTTPS Virtual Server list box, leave dvwa_virtual selected and click Next.
Leave the Create a policy automatically (recommended) option selected and click Next.
On the Configure Security Policy Properties page:
o For Security Policy Name enter dvwa_security_policy.
o From the Security Policy Language list, select Unicode (utf-8), and then click Next.
On the Configure Attack Signatures page:
o From the Available Systems list, move the following to the Assigned Systems list.
Operating Systems > Unix/Linux
Web Servers > Apache and Apache Tomcat
Languages, Frameworks and Applications > PHP
Database Servers > MySQL
o Leave Signature Staging enabled and click Next.
On the Configure Automatic Policy Building page:
o From the Policy Type list, select Comprehensive.
o Slide the Policy Builder learning speed control to Fast.
o From the Trusted IP Addresses list box, leave Address List selected.
o In the IP Address box, enter 10.1.10.0.
o In the Netmask box, enter 255.255.255.0, and then click Add.
Open the Security > Policies page.
We will log all requests while we're developing the security policy. When the policy is ready to move
to production we would return the setting to logging only illegal requests.
Log into the application, and then click the Refresh button.
On the navigation menu, click Instructions.
Click the Copying link, and then click the PHPIDS License link.
On the navigation menu, click DVWA Security.
Change the security level to medium, and then click Submit.
Change the security level to high, and then click Submit.
Change the security level back to low, and then click Submit.
On the navigation menu, click PHP Info, and then click the Back button.
On the navigation menu, click About.
On the navigation menu, click Command Execution.
Type 10.1.20.50 into the field and then click submit.
On the navigation menu, click SQL Injection.
Type 2 into the field, and then click Submit.
On the navigation menu, click XSS reflected.
Type your first name into the field, and then click Submit.
Copy and paste the following in the field, and then click Submit.
Credit card number: 4111-1111-1111-1111.
Open Mozilla Firefox, then click the Open menu button, and then click Add-ons.
In the Configuration Utility, open the Security > Application Security> Policy Building >
Learning and Blocking Settings page.
On the right side of the page, view the Advanced settings.
Select the asm_requests.iim iMacro, in the Max field type 5, and then click Play (Loop).
NOTE: If you receive the blocking response page, close Firefox and then try the two steps
above once more.
Once the id, ip, and name parameters are all listed as User-input value types and are no longer in
staging, move on to task 7. The Policy Builder needs to see enough trusted traffic before it takes entities
out of staging; refresh the page if they are still listed as staged.
In the Configuration Utility open the Security > Application Security> Policy Building >
Learning and Blocking Settings page.
From the Learning Mode list select Manual.
Expand Data Guard, clear the Block checkbox, and then click Save.
With Block cleared, a Data Guard violation is logged (alarmed) and the sensitive data is masked in the
response, but the page that displays the masked values is not blocked by BIG-IP ASM. The next step
enables masking for credit card numbers only; select the U.S. Social Security Numbers checkbox as well
if those should be masked too.
Open the Security > Application Security > Data Guard page.
Select the Data Guard, Credit Card Numbers, and Mask Data checkboxes, and then click Save.
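What Data Guard does to a response body, as an added example of my own rather than F5's implementation. It finds candidate card numbers of 13 to 19 digits with optional space or hyphen separators, confirms each with the Luhn check so that phone numbers and support IDs are left alone, and masks the digits. Two assumptions: that ASM likewise Luhn-validates candidates, and the masking format (all but the last four digits replaced by asterisks), which is my choice and may differ from ASM's own. The sample text is the line typed into the XSS reflected field.

```python
import re

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or
# hyphens, not adjacent to other digits.
_PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed response fragment, taken from the value typed above.
SAMPLE_RESPONSE = "Credit card number: 4111-1111-1111-1111."


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, subtract 9
    from doubled values above 9, and require the sum to be divisible by 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(body: str, keep_last: int = 4) -> str:
    """Replace each Luhn-valid card number in body with asterisks, keeping the
    separators and the last keep_last digits so the user can still identify
    the card. Digit runs that fail Luhn are left untouched."""
    def repl(match):
        raw = match.group(0)
        digits = re.sub(r"[ -]", "", raw)
        if not luhn_ok(digits):
            return raw
        cutoff = len(digits) - keep_last
        out, seen = [], 0
        for ch in raw:
            if ch.isdigit():
                seen += 1
                out.append(ch if seen > cutoff else "*")
            else:
                out.append(ch)
        return "".join(out)
    return _PAN_RE.sub(repl, body)


def inspect_response(body: str) -> tuple:
    """Return (body_to_send, leaked). With the Data Guard Block checkbox
    cleared, as in the policy above, a caller logs the violation when leaked
    is True but still sends the masked body instead of a blocking page."""
    masked = mask_pan(body)
    return masked, masked != body


if __name__ == "__main__":
    print(inspect_response(SAMPLE_RESPONSE))
    print(inspect_response("Call 999-888-7777 for help."))
```

The Luhn step matters for false positives: without it any 13 to 19 digit run (order numbers, timestamps, the support ID on the custom response page) would be masked too.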
Open the Security > Application Security > Policy > Response Pages page.
From the Response Type list box, select Custom Response.
Edit the Response Body by copying and pasting the following, and then click Save.
<html><head><title>Illegal Request</title></head>
<body>For security purposes, Lorax Investments has blocked this <font color=red>illegal request</font>.<br><br>
You can contact our technical support department and supply them with the following support ID: <b><%TS.request.ID()%></b></body></html>
Use a new incognito window and click the DVWA bookmark, and then log into the application.
On the navigation menu, click Command Execution.
Type 10.1.20.50 into the field and then click submit.
Type 10.1.20.50; cat /etc/passwd into the field and then click submit.
The valid request is allowed, while the command execution attempt was blocked by BIG-IP ASM.
Click on the Back button, and then click SQL Injection.
Type 4 into the field, and then click Submit.
In the User ID field type the following and then click Submit:
%' or 1='1
The valid request is allowed, while the SQL Injection attempt is blocked by BIG-IP ASM.
Click on the Back button, and then click XSS reflected.
Type the following into the field and then click Submit:
Credit card: 4111-1111-1111-1111.
The credit card number is now masked by BIG-IP ASM.
Type your last name into the field, and then click Submit.
Type the following into the field and then click Submit:
<script></script>
Click the Back button, and then type the following into the field and click Submit:
<iframe></iframe>
The valid request is allowed, while the cross-site scripting attempts are blocked by BIG-IP ASM.
Change the URL to https://dvwa.vlab.f5demo.com/private.txt.
Change the URL to https://dvwa.vlab.f5demo.com/calc.exe.
Both of these forceful browsing attempts are blocked by BIG-IP ASM.
In the Configuration Utility, open the Security > Event Logs > Application > Requests page.
Select the blocked vulnerabilities/exec/ entry.
This request was blocked for several reasons, including being recognized as a command execution
attack.
Close the window, and then select the blocked vulnerabilities/sqli/ entry.
This request was blocked because it was recognized as a SQL injection attack.
Close the window, and then select the illegal (not blocked) vulnerabilities/xss_r/ entry, and then click
Data Guard: Information leakage detected.
This request wasn't blocked; however, ASM recognized the credit card number in the response and
masked the content, preventing data leakage.
Close the window, and then select the earliest blocked vulnerabilities/xss_r/ entry, and then click
Attack signature detected.
This request was blocked because it triggered the XSS script tag signature.
Close the window, and then select the latest blocked vulnerabilities/xss_r/ entry, and then click
Attack signature detected.
This request was blocked because it triggered the iframe tag signature.
Close the window, and then select the blocked /private.txt entry.
This request was blocked for several reasons, including being an illegal file type and an illegal URL.
The attack type is buffer overflow and forceful browsing.
In the DVWA web page click the DVWA bookmark, and then log into the application.
On the navigation menu, click Brute Force.
Click on the Back button, and then on the navigation menu, click Upload.
Both pages are blocked because these URLs weren't added to the Allowed URLs list. However, we need
users to be able to access the Brute Force page.
Close the blocked page.
In the Configuration Utility, on the Event Logs > Application > Requests page click Go.
Select the blocked vulnerabilities/brute/ entry.
This request was blocked because it's an illegal URL. We need users to access this page; therefore
we'll add it to the Allowed URLs list.
For the Illegal URL violation, click the Learn button, and then close the View Full Request window.
This navigates to the Traffic Learning page. Notice the Action for this suggestion is to Add URL.
Click Accept Suggestion, and then click Accept Suggestion again to confirm.
Open the Allowed URLs page, and then move to the second page of URLs.
The /vulnerabilities/brute/ URL was added to the security policy.
Click Apply Policy and then OK.
Use a new incognito window and click the DVWA bookmark, and then log into the application.
On the navigation menu, click Brute Force.
Users now have access to the Brute Force page.
In the Username field type admin, and in the Password field type password, and then click Login.
Although we haven't done anything malicious, the request was blocked.
Click on the Back button, and then on the navigation menu, click CSRF.
The user is blocked from accessing the CSRF page. This is the expected behavior of the security policy,
as we do not want users accessing this page.
Close the blocked page.
In the Configuration Utility, open the Event Logs > Application > Requests page.
Select the blocked /vulnerabilities/brute/ entry, and then click Illegal parameter.
This request was blocked because there are three parameters on the page that are not included in
the security policy.
For the Illegal parameter violation, click the Learn button, and then close the View Full Request window.
There are three Illegal parameter suggestions. All three need to be included in the security policy.
Select the checkboxes for all three suggestions.
Notice the Action for all three suggestions is to Add Parameter.
Click Accept Suggestions, and then click Accept Suggestions again to confirm.
Click Apply Policy and then OK.
Use a new incognito window and click the DVWA bookmark, and then log into the application.
On the navigation menu, click Brute Force.
Users now have access to the Brute Force page.
In the Username field type admin, and in the Password field type password, and then click Login.
The request, along with the three parameters, is now allowed.
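The learning loop just worked through, as an added example of my own that models how a positive security policy evaluates a request; it is an illustration, not ASM's engine or its signature text. The policy holds the allowed URLs, the allowed parameters per URL, the allowed file types and a few illustrative attack signatures; evaluate() returns the violations in the order the event log listed them above, and learn_url() and learn_params() stand in for accepting the Illegal URL and Illegal parameter suggestions. The starting policy and the request parameters are constructed from the entities named on this page (the id, ip and name parameters, the no_ext file type, the three Brute Force parameters).

```python
import re
from dataclasses import dataclass


@dataclass
class Policy:
    allowed_urls: set
    allowed_params: dict      # url -> set of parameter names
    allowed_file_types: set   # "no_ext" is ASM's name for a URL without an extension
    blocking: bool = True     # False models the Transparent enforcement mode


# Illustrative signatures for the attack types shown in this lab. These are my
# own regexes, far narrower than the signature sets assigned to the policy.
SIGNATURES = {
    "Command execution": re.compile(
        r"(?:[;&|`]|\$\()\s*(?:cat|ls|id|uname|wget|curl|nc|sh)\b", re.I),
    "SQL injection": re.compile(
        r"'\s*or\s+\d+\s*=\s*'?\d|\bunion\s+select\b", re.I),
    "XSS script tag": re.compile(r"<\s*script\b", re.I),
    "iframe tag": re.compile(r"<\s*iframe\b", re.I),
}

# The three parameters DVWA's Brute Force form submits (constructed values).
BRUTE_PARAMS = {"username": "admin", "password": "password", "Login": "Login"}


def lab_policy() -> Policy:
    """Roughly the policy after automatic building: the learned pages and their
    parameters, and no /vulnerabilities/brute/ entry yet (constructed)."""
    return Policy(
        allowed_urls={"/login.php", "/index.php", "/vulnerabilities/exec/",
                      "/vulnerabilities/sqli/", "/vulnerabilities/xss_r/"},
        allowed_params={"/vulnerabilities/exec/": {"ip", "submit"},
                        "/vulnerabilities/sqli/": {"id", "Submit"},
                        "/vulnerabilities/xss_r/": {"name"}},
        allowed_file_types={"php", "no_ext", "css", "js", "png"},
    )


def file_type(path: str) -> str:
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else "no_ext"


def evaluate(policy: Policy, path: str, params: dict) -> tuple:
    """Return (status, violations); status is 'legal', 'blocked' or 'alarmed'."""
    violations = []
    if file_type(path) not in policy.allowed_file_types:
        violations.append("Illegal file type")
    if path not in policy.allowed_urls:
        violations.append("Illegal URL")
    else:
        for name in params:
            if name not in policy.allowed_params.get(path, set()):
                violations.append(f"Illegal parameter: {name}")
    for value in params.values():
        for label, rx in SIGNATURES.items():
            if rx.search(value):
                violations.append(f"Attack signature detected: {label}")
    if not violations:
        return "legal", []
    return ("blocked" if policy.blocking else "alarmed"), violations


def learn_url(policy: Policy, path: str) -> None:
    """Accepting an Illegal URL suggestion adds the URL to Allowed URLs."""
    policy.allowed_urls.add(path)
    policy.allowed_params.setdefault(path, set())


def learn_params(policy: Policy, path: str, names) -> None:
    """Accepting Illegal parameter suggestions adds each parameter for that URL."""
    policy.allowed_params.setdefault(path, set()).update(names)


if __name__ == "__main__":
    p = lab_policy()
    print(evaluate(p, "/vulnerabilities/brute/", BRUTE_PARAMS))   # Illegal URL
    learn_url(p, "/vulnerabilities/brute/")
    print(evaluate(p, "/vulnerabilities/brute/", BRUTE_PARAMS))   # three Illegal parameter
    learn_params(p, "/vulnerabilities/brute/", BRUTE_PARAMS)
    print(evaluate(p, "/vulnerabilities/brute/", BRUTE_PARAMS))   # legal
```

Note the order of checks: an unknown URL is reported before its parameters are inspected, which is why the Brute Force page first produced only Illegal URL and the three Illegal parameter violations appeared only after the URL had been accepted.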
Close the DVWA page.
Use a new private window in Firefox and access and log into http://dvwa.vlab.f5demo.com.
In the iMacros pane select asm_hacker.iim.
On the Play tab in the Max field type 25, and then click Play (Loop).
This macro submits several malicious requests to the DVWA web application, including command
execution, forceful browsing, SQL injection, and cross-site scripting.
After the iMacro has finished running, close Firefox.
In the Configuration Utility, open the Security > Reporting > Application > Charts page.
NOTE: It will take several minutes for all of the transaction data to load.
In the Details section, click /Common/dvwa_security_policy, then click <Unassigned>, and then
click /Common/dvwa_virtual.
This displays the number of legal, blocked, and alarmed requests for this virtual server.
In the Details section, clear the Overall checkbox.
Change the Chart type to Stacked, and the Time Period to Last Hour.
In the Details section, click Blocked.
These are the attack types that were blocked by ASM while you ran the macro.
From the Time Period list select Custom.
Use the Custom Time Period options to select the past 15 minutes only, and then click Update.
Click Collapse Advanced Filters.
Navigate back to Security Policy.
From the Advanced Filter list box, select Top attacks in last hour.
From the Advanced Filter list box, select Top blocked URLs.
This displays the URLs that ASM protected and how many times malicious attacks were blocked.
From the Advanced Filter list box, select Top violations in last hour.
Part 2 Delivering the BIG-IP Demo to a Customer
NOTE: If you use the Configuration Utility to restore the archive file it may damage an updated
license.
On the Windows_7_External desktop, use a web browser to access and log in to https://10.1.1.245.
Use a new incognito window and click the DVWA bookmark, and then log into the application.
Command Execution
On the navigation menu, click Command Execution.
Type 10.1.20.50 into the field and then click submit.
Users type a hostname or IP address in this field and submit it. The hostname or IP address is sent to
the web server. The web server then pings the hostname or IP address and displays the results.
Type 10.1.20.50; cat /etc/passwd into the field and then click submit.
With the IP address and a semi-colon preceding the cat command, you have exposed the contents of
the passwd file on this web server. This is not the intended use of this field, and it is a target for
hackers to exploit. The goal of command execution attacks is to be able to run arbitrary commands on
the target host operating system.
SQL Injection
On the navigation menu, click SQL Injection.
Type 2 into the field, and then click Submit.
The purpose of this feature is to print the ID, first name, and surname of the submitted user ID. This is
the expected behavior of this feature.
In the User ID field copy and paste the following, and then click Submit:
%' or 1='1
You are presented with all of the users in the database.
In the User ID field copy and paste the following, and then click Submit:
%' or 1=1 union select null, concat ( 0x0a, user_id, 0x0a, first_name, 0x0a,
last_name, 0x0a, user, 0x0a, password) from users #
Every record after Bob Smith displays the user ID, first name, last name, user name, and password
(in a hash format) of a different user in the users table. A successful SQL injection exploit can read
sensitive data from the application database, modify database data, or even delete data or the entire
database.
Cross-Site Scripting
On the navigation menu, click XSS reflected.
In the field, type the customer's first name and click Submit.
This feature simply echoes whatever we type back into the web page response.
Copy and paste the following in the field, and then click Submit.
Credit card number: 4111-1111-1111-1111.
Credit card numbers are being sent in cleartext in the HTTP response. This is known as data leakage.
Copy and paste the following in the field, and then click Submit.
<script>alert("Your system is infected! Call 999-888-7777 for help.")</script>
The value in the field is JavaScript code. Because the page writes it into the response without
encoding it, the browser executes it and the user is presented with an alert dialog box. On this reflected
page nothing is stored: the script runs for any user who follows a link or submits a form carrying the
payload. In the stored variant (DVWA's XSS stored page, a comments form) the input is written to the
application database and replayed to every user who later opens the page. Either way, an attacker can
inject anything that JavaScript can do.
Copy and paste the following in the field, and then click Submit.
<script>window.location="http://www.hackthissite.org"</script>
This script redirects the user to a completely different web site. Cross-site scripting is a powerful
exploit because the attacker's JavaScript runs in the victim's browser within the application's own
origin, so it can act as the user, alter the page, or send the user elsewhere. With the stored variant,
every legitimate user who opens a page that renders the poisoned database record is exposed to the
malicious content.
Forceful Browsing
Change the URL to https://dvwa.vlab.f5demo.com/private.txt.
Change the URL to https://dvwa.vlab.f5demo.com/calc.exe, and then cancel the download.
These are examples of files that are not accessible through links, but are in fact present within the
web server directory. A forceful browsing attack aims to access resources that are not referenced by
the web application, but are still accessible.
Click Logout, and then close the browser.
In the Configuration Utility, open the Virtual Servers List page and click dvwa_virtual.
This virtual server was created prior to this demonstration. We used this virtual server to access the
DVWA web application.
Open the Security > Policies page.
From the Application Security Policy list box, select Enabled, and then click Update.
By default, BIG-IP ASM will use dvwa_security_policy as it's the only security policy configured on this
BIG-IP system. I created this security policy earlier from normal, expected user traffic.
Open the Security > Application Security > Security Policies > Active Policies page.
The dvwa_security_policy is in the Blocking enforcement mode.
Click dvwa_security_policy, then open the Tree View page, then expand /vulnerabilities/brute.
The Tree View page displays all of the allowed URLs and parameters for this web application.
Open the Security > Application Security > Policy > Response Pages page.
This page enables us to create a custom blocking response page for malicious users.
In the Response Body, replace the text Lorax Investments with the customer's name, and then click Save.
Click Apply Security Policy and then OK.
When updating a security policy with BIG-IP ASM, changes are not enforced until you click Apply
Policy; until then the application still sees the previously applied policy.
Use a new incognito window and click the DVWA bookmark, and then log into the application.
On the navigation menu, click Command Execution.
Type 10.1.20.50 into the field and then click submit.
Type 10.1.20.50; cat /etc/passwd into the field and then click submit.
The valid request is allowed, while the command execution attempt was blocked by BIG-IP ASM.
Click on the Back button, and then click SQL Injection.
Type 4 into the field, and then click Submit.
In the User ID field type the following and then click Submit:
%' or 1='1
The valid request is allowed, while the SQL Injection attempt is blocked by BIG-IP ASM.
Click on the Back button, and then click XSS reflected.
Copy and paste the following into the field and then click Submit:
Credit card: 4111-1111-1111-1111.
The credit card number is now masked by BIG-IP ASM. This prevents data leakage of sensitive user
data.
Type the customers last name into the field, and then click Submit.
Type the following into the field and then click Submit:
<script></script>
Click the Back button, and then type the following into the field and click Submit:
<iframe></iframe>
The valid request is allowed, while the cross-site scripting attempts are blocked by BIG-IP ASM.
Change the URL to https://dvwa.vlab.f5demo.com/private.txt.
Change the URL to https://dvwa.vlab.f5demo.com/calc.exe.
Both of these forceful browsing attempts are blocked by BIG-IP ASM.
In the Configuration Utility, open the Security > Event Logs > Application > Requests page.
Select the blocked vulnerabilities/exec/ entry.
This request was blocked for several reasons, including being recognized as a command execution
attack.
Close the window, and then select the blocked vulnerabilities/sqli/ entry.
This request was blocked because it was recognized as a SQL injection attack.
Close the window, and then select the illegal (not blocked) vulnerabilities/xss_r/ entry, and then click
Data Guard: Information leakage detected.
This request wasn't blocked; however, ASM recognized the credit card number in the response and
masked the content, preventing data leakage.
Close the window, and then select the earliest blocked vulnerabilities/xss_r/ entry, and then click
Attack signature detected.
This request was blocked because it triggered the XSS script tag signature.
Close the window, and then select the latest blocked vulnerabilities/xss_r/ entry, and then click
Attack signature detected.
This request was blocked because it triggered the iframe tag signature.
Close the window, and then select the blocked /private.txt entry.
This request was blocked for several reasons, including being an illegal file type and an illegal URL.
The attack type is buffer overflow and forceful browsing.
In the DVWA web page click the DVWA bookmark, and then log into the application.
On the navigation menu click CSRF.
The user is blocked from this page, however we need users to be able to access this page.
Click the Back button, and then click SQL Injection (Blind).
Type 5 into the field, and then click Submit.
The user has access to this page but was blocked from submitting data using the field. We need users
to be able to submit information using this form field.
Close the blocked page.
In the Configuration Utility, on the Event Logs > Application > Requests page click Go.
Select the blocked vulnerabilities/csrf/ entry.
This request was blocked because it's an illegal URL. We need users to access this page; therefore
we'll add it to the Allowed URLs list.
For the Illegal URL violation, click the Learn button, and then close the View Full Request window.
This navigates to the Traffic Learning page. Notice the Action for this suggestion is to Add URL.
Click Accept Suggestion, and then click Accept Suggestion again to confirm.
Open the Allowed URLs page, and then move to the second page of URLs.
The /vulnerabilities/csrf/ URL was added to the security policy.
Open the Event Logs > Application > Requests page.
Select the blocked vulnerabilities/sqli_blind/ entry, and then click Illegal parameter.
This request was blocked because there are two parameters on the page that are not included in the
security policy.
For the Illegal parameter violation, click the Learn button, and then close the View Full Request window.
There are two Illegal parameter suggestions. Both need to be included in the security policy.
Select the checkboxes for both suggestions.
Notice the Action for both suggestions is to Add Parameter.
Click Accept Suggestions, and then click Accept Suggestions again to confirm.
Click Apply Policy and then OK.
Use a new incognito window and click the DVWA bookmark, and then log into the application.
On the navigation menu, click CSRF.
Users now have access to the CSRF page.
Click SQL Injection (Blind).
Type 5 into the field, and then click Submit.
Users can now interact with the web application using this form field.
Close the DVWA page.
Use a new private window in Firefox and access and log into http://dvwa.vlab.f5demo.com.
If it's not already displayed, enable the iMacros pane.
In the iMacros bar select asm_hacker.iim, and in the Max box, type 25, and then click Play (Loop).
This macro is making several illegal requests to the web application. You can see that they are all
receiving a blocking response page.
After the iMacro has finished running, close Firefox.
Open the Security > Reporting > Application > PCI Compliance page.
The PCI Compliance report identifies the security measures required to comply with PCI-DSS 3.0 that
BIG-IP ASM can assess. It indicates which measures are met, which are not met, and which are not relevant.
Click Assign a unique ID to each person with computer access.
In order to meet PCI compliance, we need to have unique user IDs for all BIG-IP system
administrators.
Click Do not use vendor-supplied defaults for system passwords and other security parameters.
In order to meet PCI compliance, we cannot use the default passwords for the built-in admin and root
usernames.
To fix this compliance issue, in the Default Users section, click the root username.
o Update the root password to dvwa
o Update the admin password to dvwa, then click Update, and then click OK.
The report checks only that the vendor-supplied defaults have been changed; dvwa is a lab convenience,
not a password that would satisfy PCI DSS password-strength requirements on a production BIG-IP.
Log back into the BIG-IP system using the new password.
Open the System > Users > User List page, and then click Create.
Create a new user account using the following information, and then click Finished.
User Name your first name
Password your last name (all lowercase)
Role Administrator
Partition All (click Add)
Terminal Access Advanced shell
Open the Security > Reporting > Application > PCI Compliance page.
The report now shows all of the security measures it checks as met.
Click Printable Version, and then open the PDF.
Scroll down to the Known vulnerabilities protection section.
Customers can keep this PDF in their records as evidence that they've met the requirements the report
covers. It assesses only the PCI DSS requirements that BIG-IP ASM can evaluate, so it supports, but does
not replace, a full PCI DSS assessment.
In the Configuration Utility, open the Security > Reporting > Application > Charts page.
In the Details section, click /Common/dvwa_security_policy, then click <Unassigned>, and then
click /Common/dvwa_virtual.
This displays the number of legal, blocked, and alarmed requests for this virtual server.
In the Details section, clear the Overall checkbox.
Change the Chart type to Stacked, and the Time Period to Last Hour.
In the Details section, click Blocked.
These are the attack types that were blocked by ASM while you ran the macro.
From the Time Period list select Custom.
Use the Custom Time Period options to select the past 15 minutes only, and then click Update.
Click Collapse Advanced Filters.
Navigate back to Security Policy.
From the Advanced Filter list box, select Top attacks in last hour.
From the Advanced Filter list box, select Top blocked URLs.
This displays the URLs that ASM protected and how many times malicious attacks were blocked.
From the Advanced Filter list box, select Top violations in last hour.
That concludes this demonstration on using BIG-IP ASM to block common web vulnerabilities.