Asm test case

Question

is there any ways to test asm is configure and working as per expectation? Is there any attack test cases that will not damage or cause impact to the applications should the attack was not block?

erik_novak · Answer

If you ensure that your policy is in transparent mode, there will be no impact on your users or your application because violations will not be blocked. This will give you time to review events and decide when to place the policy into blocking mode. In addition to transparent mode, you can make sure that attack signatures and other violations remain in staging until you are sure that they will not cause false positives.

nathe · Answer

Lianjx, you could look to an automated tool such as OWASP Zap which would send different types of attacks to your website.&nbsp;
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project&nbsp;
A test methodology is v dependent on blocking mode, ie block or transparent, whether it's the app is in test or prod and, finally, whether you want to ensure bad things are blocked or there are no false positives.&nbsp;
Hope this helps,&nbsp;
N&nbsp;

Forum Discussion

Asm test case

2 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Syslog server not visible in GUI

Same LTM Monitor applied to different Pools with Common Nodes

irule execution error

F5 AWAF/ASM learning only from Trusted traffic?

OWA File Upload URIs for WAF Bypass

Related Content

How F5 WAF Mitigates 0-Day CVEs - React2Shell Case Study

BIG-IP BGP Routing Protocol Configuration And Use Cases

SSL Orchestrator Advanced Use Cases: Integrating SOCKS Proxy

VIPTest: Rapid Application Testing for F5 Environments

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS