Application Security Manager™ (ASM) integrates with services, such as IBM® Rational® AppScan®, Cenzic® Hailstorm®, and QualysGuard®, as well as WhiteHat Sentinel, that perform vulnerability assessments of web applications. Vulnerability assessment services identify, classify, and report potential security holes or weaknesses in the code of your web site.
You can use the vulnerability assessment deployment scenario to create a baseline security policy that is integrated with a vulnerability assessment tool. By using vulnerability assessment tool output, the system suggests updates to the security policy that can protect against the vulnerabilities that the tool found. You can choose which of the vulnerabilities you want the security policy to handle, retest to be sure that the security policy protects against the vulnerabilities, then enforce the security policy when you are ready.
If you have an existing security policy that was created using a different deployment scenario, you can also incorporate use of a vulnerability assessment tool with that policy.
Additionally, the ASM™ system needs to be able to access the WhiteHat web site to download the results of the vulnerability scan and to perform retests after updating the security. If the BIG-IP® system does not have Internet access, you can run the vulnerability scan from a system that does have access, then save the results of the scan as an XML file on that system and import the vulnerabilities file manually onto the BIG-IP system.
Last, you need to complete the basic BIG-IP system configuration tasks including creating a VLAN, a self IP address, and other tasks according to the needs of your networking environment. You also need to configure a DNS address (go to.
|Download verified vulnerabilities directly from WhiteHat Sentinel service||Download the vulnerability file from the Sentinel server directly to the Application Security Manager.|
|Import previously saved vulnerabilities file||Upload a previously downloaded vulnerabilities file to the Application Security Manager. Type the name of the file, or click Browse to search for it.|
When integrating with WhiteHat Sentinel, Application Security Manager has to recognize whether a request is coming from the WhiteHat server. This enables ASM to communicate with WhiteHat Sentinel so the WhiteHat portal can mark fixed vulnerabilities as Mitigated by WAF. ASM identifies requests sent by WhiteHat Sentinel using the published source IP of the WhiteHat Sentinel service. However, ASM does not see the original source IP address of requests if ASM is behind a NAT (or NAT firewall), or if you are using a WhiteHat Satellite box. In these configurations, vulnerabilities that ASM protects against are not shown as mitigated in WhiteHat Sentinel.
To resolve this issue, set one or more of the WhiteHatIP system variables to the redirected source IP addresses or subnets. ASM then treats the address as one of the WhiteHat addresses, and sends WhiteHat information on vulnerabilities that ASM has mitigated. (Set system variables on this screen: .
|Resolve and Stage||Updates the security policy to protect again the vulnerability and puts parameters in staging. Entities in staging do not cause violations, and this allows you to fine-tune their settings without causing false positives.|
|Resolve||Updates the security policy to protect again the vulnerability.|
|Ignore||Changes the ASM Status of the selected vulnerability from Pending to Ignore. If later you decide to protect against this vulnerability, you can select it and click Cancel Ignore.|
After you create a security policy, the system provides learning suggestions concerning additions to the security policy based on the traffic that is accessing the application. For example, you can have users or testers browse the web application. By analyzing the traffic to and from the application, Application Security Manager™ generates learning suggestions or ways to fine-tune the security policy to better suit the traffic and secure the application.
|Clear||Select a learning suggestion, and click Clear. The system removes the learning suggestion and continues to generate suggestions for that violation.|
|Clear All||To remove all existing learning suggestions from the list, regardless of whether you have selected any of them, click Clear All.|
|Cancel||Click Cancel to return to the Manual Traffic Learning screen.|
|Learn||If selected, the system generates learning suggestions for requests that trigger the violation.|
|Alarm||If selected, the system records requests that trigger the violation in the Charts screen, the system log (/var/log/asm), and possibly in local or remote logs (depending on the settings of the logging profile).|
|Block||If selected (and the enforcement mode is set to Blocking), the system blocks requests that trigger the violation.|