ASM Presentation
Drivers
Webification:
Web-based interfaces and connections are being applied to multiple
applications and devices.
There is an increasing number of intelligent browsers running on all sorts of
platforms.
Targeted attacks on specific websites, applications and companies.
People and companies are more vulnerable.
ASM is a WAF
WAFs are a necessity in today's computing environment.
All clients are at risk, regardless of their industry.
ASM monitors URLs for server latency, top accessed pages, and other statistics.
ASM in depth
Securing Applications
Options for securing applications:
modify the application to repair identified vulnerabilities.
implement point WAF solutions.
use the ADC as a strategic point to secure both your
application and your data.
Best Practices
1- Check server response for information leakage.
2- Use an application-specific security policy, and make sure what is being
protected is clearly defined.
3- Log HTTP traffic for audit; after security measures have been implemented, they
should be audited.
4- Use a combination of positive and negative security models.
5- Always inspect both HTTP and HTTPS traffic to make sure content can be
validated.
6- Enforce security in a manner appropriate to the application. ASM provides the
flexibility to do that.
Policy Configuration
The core of the Application Security Manager functionality is the security policy.
ASM performs these steps:
1- compares each received request to the active security policy.
2- forwards the compliant request to the web application.
3- generates a violation for a noncompliant request, and then either forwards the request or blocks
the request.
4- checks responses from the web application:
a- sends the compliant response to the client.
b- noncompliant responses cause violations and may also be blocked.
With additional configuration, the other 20 percent of the attacks can also be mitigated.
ASM protects against attacks such as Layer 7 denial-of-service attacks, brute force, web scraping, and
CSRF.
Staging mode allows a policy to run for a period of time without enforcement and blocking.
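The request/response flow above, together with the positive and negative security models and staging mode, as an added illustrative example (constructed model, not F5 ASM's own code; the URLs, parameter formats, signatures and leak patterns are made-up sample policy data):

```python
import re
from dataclasses import dataclass, field

# Constructed, simplified model of a WAF security policy; not F5 ASM's own code.
# Positive model: only listed URLs and parameter formats are allowed.
# Negative model: known-bad input patterns (attack signatures) are rejected.
# Staging: violations are logged but nothing is blocked.

@dataclass
class Policy:
    allowed_urls: dict      # url -> {parameter name: compiled value regex}
    signatures: list        # compiled regexes of known-bad input
    leak_patterns: list     # response patterns that leak server information
    staging: bool = False
    log: list = field(default_factory=list)

    def _request_violations(self, url, params):
        spec = self.allowed_urls.get(url)
        if spec is None:
            return ["illegal_url"]
        found = []
        for name, value in params.items():
            if name not in spec:
                found.append(f"illegal_parameter:{name}")
            elif not spec[name].fullmatch(value):
                found.append(f"illegal_parameter_value:{name}")
            if any(s.search(value) for s in self.signatures):
                found.append(f"attack_signature:{name}")
        return found

    def check_request(self, url, params):
        """Steps 1-3: compare to policy; forward if compliant, else log and block unless staging."""
        found = self._request_violations(url, params)
        self.log.extend(("request", url, v) for v in found)
        return "forward" if not found or self.staging else "block"

    def check_response(self, url, body):
        """Step 4: inspect the server response for information leakage before it reaches the client."""
        found = [p.pattern for p in self.leak_patterns if p.search(body)]
        self.log.extend(("response", url, f"information_leakage:{v}") for v in found)
        return "forward" if not found or self.staging else "block"

def demo_policy(staging=False):
    """Sample (constructed) policy for a small site with /login and /search."""
    return Policy(
        allowed_urls={"/login": {"user": re.compile(r"[A-Za-z0-9_]{1,32}"), "pw": re.compile(r".{1,64}")},
                      "/search": {"q": re.compile(r"[\w ]{0,64}")}},
        signatures=[re.compile(r"<script", re.I), re.compile(r"union\s+select", re.I)],
        leak_patterns=[re.compile(r"Traceback \(most recent call last\)"), re.compile(r"ORA-\d{5}")],
        staging=staging)
```

Running the same policy with staging=True shows why staging is useful: every violation still lands in the log for review, but no request or response is blocked.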
Policy Builder
1- Set up the policy.
2- Let the system automatically add entities to the security policy.
3- Let the system stabilize the security policy.
4- Let the system track site changes and update the policy.
5- Review the automatic policy-building status.
PCI DSS
One of the major drivers of ASM is PCI compliance.
PCI DSS stands for Payment Card Industry Data Security Standard.