Application Security Manager™ (ASM) integrates with services, such as WhiteHat Sentinel, that perform vulnerability assessments of web applications. Vulnerability assessment services identify, classify, and report potential security holes or weaknesses in the code of your web site.
You can use the vulnerability assessment deployment scenario to create a baseline security policy that is integrated with WhiteHat Sentinel. By communicating with the vulnerability assessment service, the system suggests updates to the security policy that can protect against the vulnerabilities. You can choose which of the vulnerabilities you want the security policy to handle, retest to be sure that the security policy protects against the vulnerability, and then enforce the security policy when you are ready.
When integrating with WhiteHat Sentinel, Application Security Manager has to recognize whether a request is coming from the WhiteHat server. This allows BIG-IP® ASM™ to return header information to WhiteHat Sentinel so it can mark the vulnerability as Mitigated by WAF. ASM identifies requests sent by WhiteHat Sentinel using the published source IP of the WhiteHat Sentinel service. However, ASM does not see the original source IP address of requests if ASM is behind a NAT (or NAT firewall), or if you are using a WhiteHat Satellite box. In these configurations, vulnerabilities that ASM protects against are not shown as mitigated in WhiteHat Sentinel.
To resolve this issue, set the internal parameter WhiteHatTestIP<n> (where <n> is 1, 2, or 3) from the command line to the redirected source IP address. ASM then treats that address as one of the WhiteHat addresses, and sends WhiteHat information on vulnerabilities that have been mitigated.
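The following dry-run helper is an added example, not part of the original F5 documentation: it checks up to three translated source addresses and prints the command that would set each WhiteHatTestIP<n> slot. It assumes IPv4 addresses and that internal parameters are set with the `/usr/share/ts/bin/add_del_internal` utility; the function names and the sample addresses (documentation ranges) are constructed for illustration.

```shell
# Dry run: prints the commands for review; nothing is changed on the system.
# Assumption: path of the ASM internal-parameter utility; confirm on your version.
ADD_DEL_INTERNAL="/usr/share/ts/bin/add_del_internal"

# Return 0 only for dotted-quad IPv4, each octet 0..255 with no leading zero.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one command per translated address, filling slots 1..3 in order.
# Every address listed is treated by ASM as a WhiteHat address, so the plan is
# rejected on more than three addresses, a malformed address, or a duplicate.
plan_whitehat_testips() {
    if [ "$#" -lt 1 ] || [ "$#" -gt 3 ]; then
        echo "error: give 1 to 3 addresses (WhiteHatTestIP1..3)" >&2
        return 1
    fi
    seen=" "
    slot=1
    plan=""
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "error: not an IPv4 address: $ip" >&2; return 1; }
        case "$seen" in
            *" $ip "*) echo "error: duplicate address: $ip" >&2; return 1 ;;
        esac
        seen="$seen$ip "
        plan="$plan$ADD_DEL_INTERNAL add WhiteHatTestIP$slot $ip
"
        slot=$((slot + 1))
    done
    printf '%s' "$plan"   # emitted only after every address passed the checks
}

# Constructed sample: a NAT address and a Satellite address.
plan_whitehat_testips 203.0.113.10 198.51.100.7
```

List only the address that Sentinel traffic is actually translated to; if other clients share that NAT address, ASM treats their requests as WhiteHat requests too.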
You need to complete the basic BIG-IP system configuration tasks including defining a VLAN, a self IP address, a local traffic pool, an application security class, and a virtual server, according to the needs of your networking environment. You also need to configure a DNS address (, and restart ASM (at the command line, type bigstart restart asm).
| Option | Description |
|---|---|
| Download vulnerabilities directly from WhiteHat Sentinel | Download the vulnerability file from the Sentinel server directly to the Application Security Manager. |
| Upload file with vulnerabilities | Upload a previously downloaded vulnerability file to the Application Security Manager. Type the name of the file, or click Browse to search for it. |