Handbook

Configuring an OWASP TOP10 profile

Configure a WAF profile based on the OWASP Top 10 attack categories. In the configuration wizard, you select one or more OWASP Top 10 attacks, and FortiADC aggregates all the WAF policies that can protect against the selected attacks into a single profile. After you complete the OWASP TOP10 wizard, the resulting profile is listed in the WAF Profile table.

To create an OWASP TOP10 profile:

  1. Go to Web Application Firewall > OWASP TOP10 Wizard.
    To access this part of the web UI, you must have Read-Write permission for Security settings.
  2. Select the Top 10 attacks that you want to prevent. Click Next.
  3. Select the Security Level. The profile protects against the selected attacks using the policies whose security level is at or above the level you choose, so Low is the broadest setting and High the narrowest:
    1. High: Only attacks with a high security level are screened out.
    2. Medium: Attacks with medium and high security levels are both screened out.
    3. Low: Attacks with low, medium, and high security levels are all screened out.
  4. Enter a name and a brief description for the profile. Select an exception configuration object. Exceptions identify specific hosts or URL patterns that are not subject to processing by this profile.
  5. Save the configuration.

You can view this profile in Web Application Firewall > WAF Profile.
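As an added illustration, and not FortiADC's own code or policy data, the following Python models how the wizard's two inputs (selected OWASP categories and a Security Level) resolve to a set of WAF policies. The category names, policy names and severities in the catalogue are constructed placeholders; the point it shows is that each level yields a superset of the stricter one, so Low gives the widest coverage.

```python
# Model of how an OWASP Top 10 wizard selection resolves to a set of WAF
# policies. Hypothetical catalogue and names; not FortiADC's own data or code.
from typing import Dict, List, Set, Tuple

# Ordering of security levels: a policy is kept if its severity rank is at
# or above the rank of the level chosen in the wizard.
LEVEL_RANK = {"low": 0, "medium": 1, "high": 2}

# Constructed catalogue: OWASP category -> list of (policy name, severity).
CATALOGUE: Dict[str, List[Tuple[str, str]]] = {
    "A03:2021-Injection": [
        ("sql-injection-signatures", "high"),
        ("os-command-injection-signatures", "high"),
        ("ldap-injection-heuristics", "medium"),
    ],
    "A05:2021-Security Misconfiguration": [
        ("http-method-restriction", "medium"),
        ("verbose-error-page-detection", "low"),
    ],
    "A07:2021-Identification and Authentication Failures": [
        ("brute-force-login-limit", "high"),
        ("weak-session-cookie-check", "low"),
    ],
}


def aggregate_policies(selected: Set[str], security_level: str) -> Set[str]:
    """Return the policies for the selected categories whose severity is at
    or above the chosen level: 'high' keeps only high-severity policies,
    'medium' keeps medium and high, 'low' keeps everything."""
    threshold = LEVEL_RANK[security_level.lower()]
    chosen: Set[str] = set()
    for category in selected:
        if category not in CATALOGUE:
            raise KeyError(f"unknown OWASP category: {category}")
        for policy, severity in CATALOGUE[category]:
            if LEVEL_RANK[severity] >= threshold:
                chosen.add(policy)
    return chosen


if __name__ == "__main__":
    picks = {"A03:2021-Injection", "A05:2021-Security Misconfiguration"}
    for level in ("high", "medium", "low"):
        print(level, sorted(aggregate_policies(picks, level)))
```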
