ASM best practices and web application updates

Question

Hello!&nbsp;
Could anyone kindly elaborate how the ASM detects web application changes when the application has been upgraded and has changed - does it detect new variables/parameters (that have been added to the web application) etc and allow them after detection or does it block them by default till the learning counter increases enough to make the parameter valid?
We have a production system and users all over the world and the development team updates the apps quite frequently.
Are there any best practices how the web application upgrades should be handled ASM-wise?
Like for example putting the policy to transparent for a an hour or two till the new stuff has been learned by ASM so we won't get any legitimate users/data blocked?&nbsp;
Regards,
Erkki &nbsp;

samstep · Answer

Actually I believe the best practice is to never switch the policy to transparent mode in Production. The second you do that - you disable your protection and leave the application  exposed to attacks. &nbsp;
What you do is let the policy learn all the application changes in TEST environment - test it with your QA team and verify the changes with application developers to make sure the policy does not block good traffic, then export the policy out of test environment's ASM and import it into the Production ASM.&nbsp;

Forum Discussion

ASM best practices and web application updates

1 Reply

Recent Discussions

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

Related Content

AS3 Best Practice

Auditing Security Policy Updates

F5 Certified Practice Exams

Cipher Suite Practices and Pitfalls

Getting Started with BIG-IP Next: Migrating an Application Workload