F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Johnnyx_304575's avatar
Johnnyx_304575
Icon for Cirrus rankCirrus
Aug 07, 2018

Application Security Policy - Learning and Building

I am new to configuring Application Security Profiles. I have a few that are built and that are currently in learning mode (not blocking). 1. How long should I leave these in learning? 2. The suggest...
ASM Advanced WAF
security
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Aug 10, 2018

The answer is "it depends" as you need to understand your application - e.g. is it an application which changes rarely (e.g. once a year) or an application which changes weekly/daily? Do you have access to developers/architects which can advise you on how the application works or is it a 3rd-party application?

 

It is advisable to learn the application in test environment, not in production - if you enable learning in production the risk is that ASM will learn all the attacks as legitimate traffic.

 

Do you know if the application has known vulnerabilities and if penetration testing has been done?

 

A good way to start protecting an application if it has known vulnerabilities is to get a copy of vulnerability scan report (in XML) an import that into the policy as ASM will be protecting the specific URLs and parameters which have known vulnerabilities. That will be more efficient than trying to "learn" it.

 

The best way of course is to get an application security consultant who can build an ASM policy manually for you with application-specific protections.