101 · Question #167
Which of the following statements are incorrect regarding protection of web services? (Choose 2)
The correct answer is A. The BIG-IP ASM System checks to ensure web services use cookies. B. The BIG-IP ASM System parses XML requests and XML responses.. BIG-IP ASM does not enforce cookie usage for web services, and its XML protection scope for web services focuses on request parsing rather than response parsing.
Question
Which of the following statements are incorrect regarding protection of web services? (Choose 2)
Options
- AThe BIG-IP ASM System checks to ensure web services use cookies.
- BThe BIG-IP ASM System parses XML requests and XML responses.
- CThe BIG-IP ASM System checks to ensure XML documents are well formed.
- DThe BIG-IP ASM System uses attack signatures to enforce negative security logic.
- EThe BIG-IP ASM System checks for XML syntax, schema validation, and WSDL validation.
How the community answered
(31 responses)- A77% (24)
- C10% (3)
- D3% (1)
- E10% (3)
Why each option
BIG-IP ASM does not enforce cookie usage for web services, and its XML protection scope for web services focuses on request parsing rather than response parsing.
Web services (SOAP/REST) communicate statelessly and do not rely on HTTP cookies, so ASM does not check or enforce cookie usage as part of its web service protection - this statement is technically incorrect.
BIG-IP ASM parses XML in inbound requests for web service protection; it does not perform XML parsing on XML responses as part of its core web services security enforcement, making this statement incorrect.
ASM does verify that XML documents are well-formed as part of its XML validation features, making this a correct statement and therefore not one of the incorrect ones.
ASM uses attack signatures to apply negative security logic against known web service attack patterns such as SQL injection inside XML payloads, which is a correct statement.
ASM performs XML syntax checking, XML schema validation against imported XSD files, and WSDL validation, all of which are correct capabilities and not incorrect statements.
Concept tested: BIG-IP ASM web services XML protection scope and limitations
Source: https://techdocs.f5.com/kb/en-us/products/big-ip-asm/manuals/product/asm-implementations-13-1-0/13.html
Topics
Community Discussion
No community discussion yet for this question.