Configuring an OWASP TOP10 profile
Configure a WAF profile based on the OWASP Top 10 attack categories. In the configuration wizard, you select one or more OWASP Top 10 attacks, and FortiADC aggregates all the WAF policies that protect against the selected attacks into a single profile. After you complete the OWASP TOP10 wizard, the new profile is listed in the WAF Profile table.
From FortiADC 7.1.0, the OWASP Top 10 list has been updated to the latest 2021 version. The OWASP Top 10 Wizard is automatically updated to the 2021 list, and the OWASP Top 10 2021 log data will be displayed through FortiView.
Log data from OWASP Top 10 2017 can still be accessed through the Security log.
To create an OWASP TOP10 profile:
- Go to Web Application Firewall > OWASP TOP10 Wizard.
  To access this part of the web UI, you must have Read-Write permission for Security settings.
- Select the Top 10 attacks that you want to prevent. Click Next.
- Select the Security Level. The OWASP Top 10 profile protects against the attacks at the corresponding security level and above:
  - High: Only attacks with a high security level are screened out.
  - Medium: Attacks with medium and high security levels are both screened out.
  - Low: Attacks with low, medium, and high security levels are all screened out.
- Enter a name and a brief description for the profile. Select an exception configuration object. Exceptions identify specific hosts or URL patterns that are not subject to processing by this rule.
- Save the configuration.
You can view this profile in Web Application Firewall > WAF Profile.