VAPT or APT tools scan prevention
Hello
When the security team starts Vulnerability Assessment and Penetration Testing (VAPT) or Application Security Testing (APT) on a web application, then it can go and test those web pages that only registered users can browse. Is there any way I can block this with Big-IP?
Sorry if my question is silly.
10 Replies
- RockBD
Altocumulus
I am sure which module you're talking about. We are using WAF and Big-IP 17.1.1.4 build 0.14.9.
- RockBD
Altocumulus
I want to block unregistered user access from the outside world to my web systems. Outside access can be VAPT scans or other access by unregistered users.
How do you make a difference between unregistered and registered users?
Maybe you should configure brute force and login page enforcement, so that people who have not authenticated are not able to open certain URLs: "BIG-IP AWAF Demo 32 - Use Login Page Enforcement with F5 BIG-IP Adv WAF (formerly ASM)". The VAT will then need to support authenticated scans, and you could see the new F5 scanner ("Introducing F5 Distributed Cloud Web App Scanning" / "Web App Scanning Overview | F5 Distributed Cloud Technical Knowledge") or other smart scanning tools.