Application Security Manager™ (ASM) is a web application firewall that secures web applications
and protects them from vulnerabilities. ASM also helps to ensure compliance with key regulatory
mandates, such as HIPAA and PCI DSS. The browser-based user interface provides network device
configuration, centralized security policy management, and easy-to-read audit reports.

You can use ASM™ to implement different levels of security to protect Layer 7 applications. You
can let ASM automatically develop a security policy based on observed traffic patterns, or you
can manually develop a security policy that is customized for your needs, based on the amount of
protection and risk acceptable in your business

ASM creates robust security policies that protect web applications from targeted application
layer threats, such as buffer overflows, SQL injection, cross-site scripting, parameter
tampering, brute force attacks, cookie poisoning, web scraping, and many others, by allowing only
valid application transactions. Using a positive security model, ASM secures applications based
on a combination of validated user sessions and user input, as well as a valid application
response. ASM also includes built-in security templates that can quickly secure common
applications.

ASM also protects applications using negative security by means of attack signatures. Attack
signatures can detect and thwart attacks such as the latest known worms, SQL injections,
cross-site scripting, and attacks that target commonly used databases, applications, and

ASM provides multi-faceted DoS attack protection for web applications, including proactive bot
signatures, CAPTCHA challenge, stress-based protection, and behavioral DoS.

All these features work together to identify threats and react to them according to your policy.
ASM analyzes application traffic, which can also be load balanced to the web application
servers. You can configure ASM so that if malicious activity is detected, ASM can terminate the
request, send a customized error page to the client, and prevent the traffic from reaching the