Forum Discussion

Lianjx_204891

Nimbostratus

Dec 21, 2015

Asm test case

is there any ways to test asm is configure and working as per expectation? Is there any attack test cases that will not damage or cause impact to the applications should the attack was not block?

ASM Advanced WAF

security

nathe

Cirrocumulus

Dec 22, 2015

Lianjx, you could look to an automated tool such as OWASP Zap which would send different types of attacks to your website.

https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

A test methodology is v dependent on blocking mode, ie block or transparent, whether it's the app is in test or prod and, finally, whether you want to ensure bad things are blocked or there are no false positives.

Hope this helps,

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)