Forum Discussion
2 Replies
- Leonardo_SouzaCirrocumulus
Yes, a vulnerability scan. Any vulnerability scan will work, but if you do with the ones ASM supports, you can then import the report in the ASM to a create a policy.
Have a look in this link: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-12-1-0/4.html
This is the Gartner quadrant for application security testing (should tell who is good or not): https://www.gartner.com/doc/reprints?id=1-2KU6P9E&ct=150807&st=sb
I also found this link, with a large list of scanners: http://projects.webappsec.org/w/page/13246988/Web%20Application%20Security%20Scanner%20List
- JinshuCirrus
Hi Mate,
You can use any vulnerability scan to test the ASM functionality. If you are looking for real exploit test, you can use Kali linux which is the well known available opensource pen test tool.
-Jinshu