Manual Chapter : Introduction to Application Security Manager

Applies To:

Show Versions Show Versions

BIG-IP ASM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
Manual Chapter

What is Application Security Manager?

Application Security Manager (ASM) is a web application firewall that secures web applications and protects them from vulnerabilities. ASM also helps to ensure compliance with key regulatory mandates. The browser-based user interface provides network device configuration, centralized security policy management, and easy-to-read audit reports.

You can use ASM to implement different levels of security to protect Layer 7 applications. You can let ASM automatically develop a security policy based on observed traffic patterns. Or you have the flexibility to manually develop a security policy that is customized for your needs based on the amount of protection and risk acceptable in your business environment.

ASM creates robust security policies that protect web applications from targeted application layer threats, such as buffer overflows, SQL injection, cross-site scripting, parameter tampering, cookie poisoning, web scraping, and many others, by allowing only valid application transactions. Using a positive security model, ASM secures applications based on a combination of validated user sessions and user input, as well as a valid application response. ASM also includes built-in security policies that can quickly secure common applications.

ASM also protects applications using negative security by means of attack signatures. Attack signatures can detect and thwart attacks such as the latest known worms, SQL injections, cross-site scripting, and attacks that target commonly used databases, applications, and operating systems.

All these features work together to identify threats and react to them according to your policy. Application traffic is analyzed by ASM and it can also be load balanced to the web application servers. You can configure ASM so that if malicious activity is detected, ASM can terminate the request, send a customized error page to the client, and prevent the traffic from reaching the back-end systems.

When to use application security

The decision about when to use Application Security Manager (ASM) to protect an application can be made on a case-by-case basis by each application and security team.

You can use ASM in many ways:

  • For securing existing web applications against vulnerabilities and known attack patterns, protecting sensitive data, and proactively identifying (and possibly blocking) attackers performing unauthorized activities.
  • To restrict access to a web application only from those locations identified on a whitelist or to prevent access from certain geolocations.
  • To help address external traffic vulnerability issues that it might not be cost effective to address at the application level.
  • As an interim solution while an application is being developed or modified to address vulnerability issues.
  • As a means to quickly respond to new threats. You can tune ASM to block new threats within a few hours of detection if needed.

These are just a few of the ways that ASM can be used to secure your web applications.

Types of attacks ASM protects against

Application Security Manager (ASM) protects mission-critical enterprise Web infrastructure against application-layer attacks, and monitors the protected web applications. For example, ASM protects against web application attacks such as:

  • Manipulation of cookies or hidden fields
  • SQL injection attacks intended to expose confidential information or to corrupt content
  • Malicious exploitations of the application memory buffer to stop services, to get shell access, and to propagate worms
  • Unauthorized user access to authenticated accounts using cross-site request forgery (CSRF)
  • Unauthorized changes to server content
  • Attempts aimed at causing the web application to be unavailable or to respond slowly to legitimate users
  • Layer 7 denial-of-service, brute force, and web scraping attacks
  • Unknown threats, also known as zero-day threats
  • Access from unauthorized IP addresses or geolocations

The system can automatically develop a security policy to protect against security threats, and you can configure additional protections and customize the system response to threats.