Application Security Manager™ (ASM) integrates with services, such as IBM® Rational® AppScan®, Cenzic® Hailstorm®, and QualysGuard®, as well as WhiteHat Sentinel, that perform vulnerability assessments of web applications. Vulnerability assessment services identify, classify, and report potential security holes or weaknesses in the code of your web site.
You can use the vulnerability assessment deployment scenario to create a baseline security policy that is integrated with a vulnerability assessment tool. By using vulnerability assessment tool output, the system suggests updates to the security policy that can protect against the vulnerabilities that the tool found. You can choose which of the vulnerabilities you want the security policy to handle, retest to be sure that the security policy protects against the vulnerability, and then enforce the security policy when you are ready.
You need to complete the basic BIG-IP system configuration tasks including defining a VLAN, a self IP address, a local traffic pool, an application security class, and a virtual server, according to the needs of your networking environment. You also need to configure a DNS address (, and restart ASM (at the command line, type tmsh restart /sys service asm).
|Download verified vulnerabilities directly from WhiteHat Sentinel service||Download the vulnerability file from the Sentinel server directly to the Application Security Manager.|
|Upload file previously saved vulnerabilities file||Upload a previously downloaded vulnerability file to the Application Security Manager. Type the name of the file, or click Browse to search for it.|
When integrating with WhiteHat Sentinel, Application Security Manager has to recognize whether a request is coming from the WhiteHat server. This allows ASM™ to return header information to WhiteHat Sentinel so it can mark the vulnerability as Mitigated by WAF. ASM identifies requests sent by WhiteHat Sentinel using the published source IP of the WhiteHat Sentinel service. However, ASM does not see the original source IP address of requests if ASM is behind a NAT (or NAT firewall), or if you are using a WhiteHat Satellite box. In these configurations, vulnerabilities that ASM protects against are not shown as mitigated in WhiteHat Sentinel.To resolve this issue, set one or more of the WhiteHatIP internal parameters to the redirected source IP addresses or subnets. ASM then treats the address as one of the WhiteHat addresses, and sends WhiteHat information on vulnerabilities that ASM has mitigated.
|Resolve and Stage||Updates the security policy to protect again the vulnerability and puts parameters in staging. Entities in staging do not cause violations, and this allows you to fine-tune their settings without causing false positives.|
|Resolve||Updates the security policy to protect again the vulnerability.|
|Ignore||Changes the ASM Status of the selected vulnerability from Pending to Ignore. If later you decide to protect against this vulnerability, you can select it and click Cancel Ignore.|
After you create a security policy, the system provides learning suggestions concerning additions to the security policy based on the traffic that is accessing the application. For example, you can have users or testers browse the web application. By analyzing the traffic to and from the application, Application Security Manager™ generates learning suggestions or ways to fine-tune the security policy to better suit the traffic and secure the application.
|Accept||Select a learning suggestion, click Accept, and then click Apply Policy. The system updates the security policy to allow the file type, URL, parameter, or other element.|
|Clear||Select a learning suggestion, and click Clear. The system removes the learning suggestion and continues to generate suggestions for that violation.|
|Cancel||Click Cancel to return to the Traffic Learning screen.|
|Learn||If selected, the system generates learning suggestions for requests that trigger the violation.|
|Alarm||If selected, the system records requests that trigger the violation in the Charts screen (), the Syslog (/var/log/asm), and possibly in local or remote logs (depending on the settings of the logging profile).|
|Block||If selected (and the enforcement mode is set to Blocking), the system blocks requests that trigger the violation.|