Forum Discussion

F5findings_1446's avatar
F5findings_1446
Icon for Nimbostratus rankNimbostratus
Jun 08, 2016

ASM policy analysis for one of the web application.

Dear all,

 

I want to do ASM policy analysis for one the already configured application in order to show to how much extent web application is secure through F5 ASM. the policy is already configured for the application in F5 ASM. Can you guys help me over here that what details can be included in order to show protection & vulnerabilities.

 

Thanks...

 

1 Reply

  • There are a variety of security scanners that will check a website for known vulnerabilities, and any one of these can be ran against the ASM. The ASM can integrate with Whitehat and Cenzic for vulnerability scanning and automatic import of results, for instance.

     

    Your best bet for normal operation would be to use one of these to check your system for known issues. If you want something more comprehensive you are likely looking at hiring someone to do a full security assessment of your website.

     

    As to what to include, this depends on your application and on the results of the audit. You will want to use the results of the audit to reconfigure your ASM to protect your website further, and can then rescan and compare the results. Beyond that I would say let the data lead you.