Application Security Manager™ (ASM) integrates with services, such as IBM® Rational® AppScan®, Cenzic® Hailstorm®, and QualysGuard®, as well as WhiteHat Sentinel, that perform vulnerability assessments of web applications. Vulnerability assessment services identify, classify, and report potential security holes or weaknesses in the code of your web site.
You can use the vulnerability assessment deployment scenario to create a baseline security policy that is integrated with a vulnerability assessment tool. By using vulnerability assessment tool output, the system suggests updates to the security policy that can protect against the vulnerabilities that the tool found. You can choose which of the vulnerabilities you want the security policy to handle, retest to be sure that the security policy protects against the vulnerabilities, then enforce the security policy when you are ready.
If you have an existing security policy that was created using a different deployment scenario, you can also incorporate use of a vulnerability assessment tool with that policy.
Before you can create a security policy using ASM™, you need to complete the basic BIG-IP® system configuration tasks including creating a VLAN, a self IP address, and other tasks, according to the needs of your networking environment.
|Resolve and Stage||Updates the security policy to protect again the vulnerability and puts parameters in staging. Entities in staging do not cause violations, and this allows you to fine-tune their settings without causing false positives.|
|Resolve||Updates the security policy to protect again the vulnerability.|
|Ignore||Changes the ASM Status of the selected vulnerability from Pending to Ignore. If later you decide to protect against this vulnerability, you can select it and click Cancel Ignore.|
After you create a security policy, the system provides learning suggestions concerning additions to the security policy based on the traffic that is accessing the application. For example, you can have users or testers browse the web application. By analyzing the traffic to and from the application, Application Security Manager™ generates learning suggestions or ways to fine-tune the security policy to better suit the traffic and secure the application.
|Clear||Select a learning suggestion, and click Clear. The system removes the learning suggestion and continues to generate suggestions for that violation.|
|Clear All||To remove all existing learning suggestions from the list, regardless of whether you have selected any of them, click Clear All.|
|Cancel||Click Cancel to return to the Manual Traffic Learning screen.|
|Learn||If selected, the system generates learning suggestions for requests that trigger the violation.|
|Alarm||If selected, the system records requests that trigger the violation in the Charts screen, the system log (/var/log/asm), and possibly in local or remote logs (depending on the settings of the logging profile).|
|Block||If selected (and the enforcement mode is set to Blocking), the system blocks requests that trigger the violation.|