Asm test case

Question

is there any ways to test asm is configure and working as per expectation? Is there any attack test cases that will not damage or cause impact to the applications should the attack was not block?

erik_novak · Answer

If you ensure that your policy is in transparent mode, there will be no impact on your users or your application because violations will not be blocked. This will give you time to review events and decide when to place the policy into blocking mode. In addition to transparent mode, you can make sure that attack signatures and other violations remain in staging until you are sure that they will not cause false positives.

nathe · Answer

Lianjx, you could look to an automated tool such as OWASP Zap which would send different types of attacks to your website.&nbsp;
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project&nbsp;
A test methodology is v dependent on blocking mode, ie block or transparent, whether it's the app is in test or prod and, finally, whether you want to ensure bad things are blocked or there are no false positives.&nbsp;
Hope this helps,&nbsp;
N&nbsp;

Forum Discussion

Asm test case

2 Replies

Recent Discussions

F5Access | MacOS Sonoma

Rewrite uri translation not working

Chrome V 124+ on MacOS - Virtual Server Access Issue

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

SSL Orchestrator Advanced Use Cases: DNS Sinkholing

SSLO in public cloud: Azure inbound L3 use case

SSL Orchestrator Advanced Use Cases: Integrating SOCKS Proxy

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions