Forum Discussion
NimbostratusMaking Policy with Vulnerability assessment tool, it's possible?
Hello everyone!
I would like to know if anyone has created a security policy base on a vulnerability scanner? In my case, I am reviewing the ASM documentation and I find an option that says: "Security policy integrated with vulnerability assessment tool"
but i have not found much documentation about it and I am interested, I'm trying to do a quick learning for a security policy using OWASP ZAP, but I'm not sure of the results, also I find that there is an option in the ASM where I can download a template for a generic scanner, but I don´t know how to use it.
Could someone give me some links or documentation, or if you have experience can you help me, please!
Thank you very much in advance!
Ivan_ChernenkiiEmployee
You need to do next:
- Select Vulnerability Assessment Tool on "Security ›› Application Security : Vulnerability Assessments : Settings" page. As there is no OWASP ZAP, then you need to select Generic Scanner
- Download Generic Schema to use it in your scanner's configuration
- Scan application with you scanner
- Import resulted report to ASM on "Security ›› Application Security : Vulnerability Assessments : Vulnerabilities" page
Thanks, Ivan
Victor_A__PintoThanks Ivan,
try to upload the file as generated by ASM but it apparently doesn't work with OWASP ZAP.
Thanks a lot
- Ivan_Chernenkii
So, you are not able to use xsd schema from ASM in your scanner?