Forum Discussion
pitmaster
Nimbostratus
NimbostratusTools for WAF Professionals
What are the tools a WAF professional must have to properly do his/her job? I'm asking because I would like to evaluate request and give recommendation based on facts.
3 Replies
Hannes_RappBy "tools" do you mean computer programs? There are no special requirements.
I Use:
1. Web-browser. To manage ASM/WAF, I prefer to use GUI, because it's faster. The ASM module is also integrated with TMOS TMSH, but it's nowhere near as good as TMSH for the LTM module.
2. SSH Terminal (E.g Linux Terminal, or Putty) to investigate the log files
3. Text-editor to create and modify policy templates (XML format)
4. iControl and Python; For automation of repetitive tasks, e.g. providing requested information for security auditors
pitmasterHannes Rapp thanks for the response but I was thinking more to review web request and alike. Tools like fiddler or others.
- Hannes_RappASM event logs include all the HTTP header and payload (parameters) data. Additionally, reponse logging can be enabled. I don't see daily use for tools like Fiddler, because it's superseded by cURL, but it could come handy if you wanted to verify that ASM profile is configured properly. Similarly to cURL, you can use Fiddler to craft your own malicious request. I just see Fiddler as the second preference if UNIX machine with cURL is not available. Regards :)
