What is a good tool to test ASM security policies?

Question

What is a good tool to test ASM security policies? Something like a web application vulnerability scanner?&nbsp;

leonardo_souza · Answer

Yes, a vulnerability scan.
Any vulnerability scan will work, but if you do with the ones ASM supports, you can then import the report in the ASM to a create a policy.&nbsp;
Have a look in this link:
https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-12-1-0/4.html&nbsp;
This is the Gartner quadrant for application security testing (should tell who is good or not):
https://www.gartner.com/doc/reprints?id=1-2KU6P9E&amp;ct=150807&amp;st=sb&nbsp;
I also found this link, with a large list of scanners:
http://projects.webappsec.org/w/page/13246988/Web%20Application%20Security%20Scanner%20List&nbsp;

jinshu · Answer

Hi Mate,&nbsp;
You can use any vulnerability scan to test the ASM functionality. If you are looking for real exploit test, you can use Kali linux which is the well known available opensource pen test tool.&nbsp;
-Jinshu&nbsp;

Forum Discussion

What is a good tool to test ASM security policies?

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Failing over Virtual F5 VE to DR location using Zerto

Failing over of a Virtual F5 configuration to another location using Zerto restore process

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

Related Content

Quarterly Security Notification October 2025

Minimizing Security Complexity: Managing Distributed WAF Policies

Auditing Security Policy Updates

iRule to modify a content-security-policy header

Adaptive Apps: Replicate & deploy WAF application security policies across F5's security portfolio

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS