Making Policy with Vulnerability assessment tool, it's possible?

Victor_A__Pinto · ‎16-May-2020

Hello everyone!

I would like to know if anyone has created a security policy base on a vulnerability scanner? In my case, I am reviewing the ASM documentation and I find an option that says: "Security policy integrated with vulnerability assessment tool"

https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-13-0-0/2.ht...

but i have not found much documentation about it and I am interested, I'm trying to do a quick learning for a security policy using OWASP ZAP, but I'm not sure of the results, also I find that there is an option in the ASM where I can download a template for a generic scanner, but I don´t know how to use it.

Could someone give me some links or documentation, or if you have experience can you help me, please!

Thank you very much in advance!

Ivan_Chernenkii · ‎18-May-2020

You need to do next:

Select Vulnerability Assessment Tool on "Security ›› Application Security : Vulnerability Assessments : Settings" page. As there is no OWASP ZAP, then you need to select Generic Scanner
Download Generic Schema to use it in your scanner's configuration
Scan application with you scanner
Import resulted report to ASM on "Security ›› Application Security : Vulnerability Assessments : Vulnerabilities" page

Thanks, Ivan

Victor_A__Pinto · ‎20-May-2020

Thanks Ivan,

try to upload the file as generated by ASM but it apparently doesn't work with OWASP ZAP.

Thanks a lot

Ivan_Chernenkii · ‎20-May-2020

So, you are not able to use xsd schema from ASM in your scanner?

DevCentral

Making Policy with Vulnerability assessment tool, it's possible?