Showing results for 
Search instead for 
Did you mean: 

Making Policy with Vulnerability assessment tool, it's possible?


Hello everyone!


I would like to know if anyone has created a security policy base on a vulnerability scanner? In my case, I am reviewing the ASM documentation and I find an option that says: "Security policy integrated with vulnerability assessment tool"


but i have not found much documentation about it and I am interested, I'm trying to do a quick learning for a security policy using OWASP ZAP, but I'm not sure of the results, also I find that there is an option in the ASM where I can download a template for a generic scanner, but I don´t know how to use it.


Could someone give me some links or documentation, or if you have experience can you help me, please!


Thank you very much in advance!


F5 Employee
F5 Employee

You need to do next:

  1. Select Vulnerability Assessment Tool on "Security ›› Application Security : Vulnerability Assessments : Settings" page. As there is no OWASP ZAP, then you need to select Generic Scanner
  2. Download Generic Schema to use it in your scanner's configuration
  3. Scan application with you scanner
  4. Import resulted report to ASM on "Security ›› Application Security : Vulnerability Assessments : Vulnerabilities" page


Thanks, Ivan

Thanks Ivan,

try to upload the file as generated by ASM but it apparently doesn't work with OWASP ZAP.

Thanks a lot


So, you are not able to use xsd schema from ASM in your scanner?