Forum Discussion

Altocumulus

Nov 10, 2024

VAPT or APT tools scan prevention

Hello

When the security team starts Vulnerability Assessment and Penetration Testing (VAPT) or Application Security Testing (APT) on a web application, then it can go and test those web pages that only registered users can browse. Is there any way I can block this with Big-IP.

Sorry if my question is silly.

application delivery

security

10 Replies

MoFaz
Moderator
Nov 11, 2024
Hi RockBD ,

Thanks for dropping this question and I assure that this question is definitely not silly. Anyway, can I know what module of the BIG-IP that you are using and which version is it running on?

Cheers,
Mo.
- RockBD
  Altocumulus
  Nov 11, 2024
  I am sure which module you're talking about. We are using WAF and Big-IP 17.1.1.4 build 0.14.9.
RockBD
Altocumulus
Nov 11, 2024
I am sure which module you're talking about. We are using WAF and Big-IP 17.1.1.4 build 0.14.9
MoFaz
Moderator
Nov 11, 2024
Hey RockBD ,

Thanks for your response. Can I clarify that you want to block VAPT scans from scanning browsers that your registered users can access to?
- RockBD
  Altocumulus
  Nov 11, 2024
  I want to block unregistered user access from outside world to my web systems. outside access can be VAPT scans or other for unregister users.
  - boneyard
    MVP
    Nov 18, 2024
    how you do make a difference between unregistered and registered users?
Nikoolayy1
MVP
Feb 15, 2025
Maybe you should configure brute force and login page enforcement as people who have not authenticated to not be able open certain urls BIG-IP AWAF Demo 32 - Use Login Page Enforcement with F5 BIG-IP Adv WAF (formerly ASM) . The VAT will then will need to support authenticated scan and you could see the new F5 scanner Introducing F5 Distributed Cloud Web App Scanning / Web App Scanning Overview | F5 Distributed Cloud Technical Knowledge or other smart scanning tools.