
Making a policy with a vulnerability assessment tool: is it possible?

Victor_A__Pinto
Nimbostratus

Hello everyone!

 

I would like to know if anyone has created a security policy based on a vulnerability scanner. In my case, I am reviewing the ASM documentation and I found an option that says: "Security policy integrated with vulnerability assessment tool"

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-13-0-0/2.ht...

 

But I have not found much documentation about it, and I am interested. I'm trying to do a quick learning for a security policy using OWASP ZAP, but I'm not sure of the results. I also find that there is an option in the ASM where I can download a template for a generic scanner, but I don't know how to use it.

Could someone give me some links or documentation, or if you have experience can you help me, please!

 

Thank you very much in advance!

3 REPLIES

Ivan_Chernenkii
F5 Employee

You need to do the following:

  1. Select the Vulnerability Assessment Tool on the "Security ›› Application Security : Vulnerability Assessments : Settings" page. As there is no OWASP ZAP option, you need to select Generic Scanner
  2. Download the Generic Schema to use it in your scanner's configuration
  3. Scan the application with your scanner
  4. Import the resulting report to ASM on the "Security ›› Application Security : Vulnerability Assessments : Vulnerabilities" page

Thanks, Ivan

Thanks Ivan,

I tried to upload the file as generated by ASM, but it apparently doesn't work with OWASP ZAP.

Thanks a lot

So, you are not able to use the XSD schema from ASM in your scanner?