Lab 2.2: Data Guard

DataGuard is a DLP-like feature of ASM that can prevent harmful data leakage from your application in the event of a successful attack. It can also be used to help prevent users from entering certain types of data that should not be stored in a particular system. This feature should be deployed with care as it has the potential to break applications if applied too broadly.

Task 1 - Configure DataGuard

  1. From within your existing ASM policy, navigate to Security -> Application Security -> Data Guard.

  2. Click the checkbox to enable DataGuard, then click Save.


  3. Navigate to Security -> Application Security -> Policy Building -> Learning and Blocking Settings.

  4. Use the search box to find the Data Guard section and disable blocking:


  5. Click Save.

  6. Click Apply Policy .


Deploying DataGuard too pervasively can have a negative performance impact on your system. In a production environment we typically recommend deploying DataGard against specific URLs where possible.

Task 2 - Test DataGuard

  1. Open a new private browsing window in Firefox and login as to Juiceshop

  2. Navigate to Account > Orders & Payment > My saved addresses


  3. Add a new address choosing values for the field and placing something that looks like a US Social Security number in the name field.


  4. Click submit and you will see your save address with the all but the last 4 digits of the name value replaced with ****



    You can also use PCRE to define custom patterns for obfuscation. Feel free to experiment with this as it can have interesting consequences for the application (intentional or otherwise).

This concludes section 2.2