For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

F5findings_1446's avatar
F5findings_1446
Icon for Nimbostratus rankNimbostratus
Jun 08, 2016

ASM policy analysis for one of the web application.

Dear all,   I want to do ASM policy analysis for one the already configured application in order to show to how much extent web application is secure through F5 ASM. the policy is already configur...
application delivery
ASM Advanced WAF
BIG-IP
security
Chris_Grant's avatar
Chris_Grant
Icon for Employee rankEmployee
Jun 08, 2016

There are a variety of security scanners that will check a website for known vulnerabilities, and any one of these can be ran against the ASM. The ASM can integrate with Whitehat and Cenzic for vulnerability scanning and automatic import of results, for instance.

 

Your best bet for normal operation would be to use one of these to check your system for known issues. If you want something more comprehensive you are likely looking at hiring someone to do a full security assessment of your website.

 

As to what to include, this depends on your application and on the results of the audit. You will want to use the results of the audit to reconfigure your ASM to protect your website further, and can then rescan and compare the results. Beyond that I would say let the data lead you.