Forum Discussion
Application Security Policy - Learning and Building
The answer is "it depends" as you need to understand your application - e.g. is it an application which changes rarely (e.g. once a year) or an application which changes weekly/daily? Do you have access to developers/architects who can advise you on how the application works or is it a 3rd-party application?
It is advisable to learn the application in a test environment, not in production - if you enable learning in production the risk is that ASM will learn all the attacks as legitimate traffic.
Do you know if the application has known vulnerabilities and if penetration testing has been done?
A good way to start protecting an application if it has known vulnerabilities is to get a copy of the vulnerability scan report (in XML) and import that into the policy, as ASM will be protecting the specific URLs and parameters which have known vulnerabilities. That will be more efficient than trying to "learn" it.
The best way of course is to get an application security consultant who can build an ASM policy manually for you with application-specific protections.