What is a good tool to test ASM security policies?

Question

What is a good tool to test ASM security policies? Something like a web application vulnerability scanner?&nbsp;

leonardo_souza · Answer

Yes, a vulnerability scan.
Any vulnerability scan will work, but if you do with the ones ASM supports, you can then import the report in the ASM to a create a policy.&nbsp;
Have a look in this link:
https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-12-1-0/4.html&nbsp;
This is the Gartner quadrant for application security testing (should tell who is good or not):
https://www.gartner.com/doc/reprints?id=1-2KU6P9E&amp;ct=150807&amp;st=sb&nbsp;
I also found this link, with a large list of scanners:
http://projects.webappsec.org/w/page/13246988/Web%20Application%20Security%20Scanner%20List&nbsp;

jinshu · Answer

Hi Mate,&nbsp;
You can use any vulnerability scan to test the ASM functionality. If you are looking for real exploit test, you can use Kali linux which is the well known available opensource pen test tool.&nbsp;
-Jinshu&nbsp;

Forum Discussion

What is a good tool to test ASM security policies?

2 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

Related Content

Security Policy not syncing between devices

Securing GraphQL with Advanced WAF declarative policies

Using ChatGPT for security and introduction of AI security

Virtual server security policy

iRule for AFM IP Intelligence security policy to work with HTTP XFF (X-Forwarded-For) headers