101 · Question #254
Which of the following is not a method of protection for user-input parameters?
The correct answer is A. Value extraction. BIG-IP ASM protects user-input parameters through attack signatures, length restrictions, and meta character enforcement. Value extraction is a data retrieval operation, not a protection mechanism.
Question
Which of the following is not a method of protection for user-input parameters?
Options
- AValue extraction
- BAttack signatures
- CLength restriction
- DMeta character enforcement
How the community answered
(34 responses)- A88% (30)
- B3% (1)
- C3% (1)
- D6% (2)
Why each option
BIG-IP ASM protects user-input parameters through attack signatures, length restrictions, and meta character enforcement. Value extraction is a data retrieval operation, not a protection mechanism.
Value extraction is the process of pulling specific data from HTTP responses or content, not a method for protecting parameters from malicious input. It does not validate, restrict, or sanitize user-supplied parameter data in any way.
Attack signatures are a valid ASM protection method that inspects parameter values for known malicious patterns such as SQL injection or XSS strings.
Length restriction is a valid protection that limits how many characters a parameter value can contain, mitigating buffer overflow and oversized input attacks.
Meta character enforcement controls which special characters are permitted in parameter values, preventing injection attacks that rely on characters like quotes or semicolons.
Concept tested: BIG-IP ASM parameter-level protection methods
Source: https://techdocs.f5.com/en-us/bigip-16-1-0/big-ip-asm-implementations/setting-up-security-policy-manually.html
Topics
Community Discussion
No community discussion yet for this question.