Forum Discussion

Victor_A__Pinto
May 16, 2020

Making a policy with a vulnerability assessment tool: is it possible?

Hello everyone!

I would like to know if anyone has created a security policy based on a vulnerability scanner. In my case, I am reviewing the ASM documentation and I find an option that says: "Security policy integrated with vulnerability assessment tool"

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-13-0-0/2.html

But I have not found much documentation about it, and I am interested. I'm trying to do a quick learning for a security policy using OWASP ZAP, but I'm not sure of the results. I also find that there is an option in the ASM where I can download a template for a generic scanner, but I don't know how to use it.

Could someone give me some links or documentation, or if you have experience, can you help me, please!

Thank you very much in advance!

3 Replies

  • You need to do the following:

    1. Select the Vulnerability Assessment Tool on the "Security ›› Application Security : Vulnerability Assessments : Settings" page. As there is no OWASP ZAP, you need to select Generic Scanner.
    2. Download the Generic Schema to use it in your scanner's configuration.
    3. Scan the application with your scanner.
    4. Import the resulting report to ASM on the "Security ›› Application Security : Vulnerability Assessments : Vulnerabilities" page.

    Thanks, Ivan

    • Victor_A__Pinto

      Thanks Ivan,

      I tried to upload the file as generated by ASM, but it apparently doesn't work with OWASP ZAP.

      Thanks a lot