Post Upgrade test for ASM and APM?

Hi

For each module I would write a couple of test cases that show the expected behaviour of the modules.

For APM, I would setup a test that uses the configured APM policy(s) - so for instance, prove that authentication works, does the webtop display, click on an icon - do you get to the desired service. If you have multiple types of service, show that they all work (rdp, portal icon, network vpn etc). It all depends on what functionality you are using.

For ASM - again, according to the config of your policy. Can you make a successful legitimate request to your site. Can you make an illegitimate request to your site, does the policy successfully block the request? Are alerts firing as you expect. Again, it all depends on what you have configured in your policy for you to test against. Some organisations re-run an independent PEN test after an upgrade to verify the platform.

If you test both pre and post upgrade and they check out then you can then get business sign off for the upgrade.