Manual Chapter : Introduction to Application Security Manager

Applies To:

Show Versions Show Versions

BIG-IP ASM

  • 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
Manual Chapter

What is Application Security Manager?

Application Security Manager™ (ASM) is a web application firewall that secures web applications and protects them from vulnerabilities. ASM also helps to ensure compliance with key regulatory mandates, such as HIPAA and PCI DSS. The browser-based user interface provides network device configuration, centralized security policy management, and easy-to-read audit reports.

You can use ASM™ to implement different levels of security to protect Layer 7 applications. You can let ASM automatically develop a security policy based on observed traffic patterns. Or you have the flexibility to manually develop a security policy that is customized for your needs based on the amount of protection and risk acceptable in your business environment.

ASM creates robust security policies that protect web applications from targeted application layer threats, such as buffer overflows, SQL injection, cross-site scripting, parameter tampering, brute force attacks, cookie poisoning, web scraping, and many others, by allowing only valid application transactions. Using a positive security model, ASM secures applications based on a combination of validated user sessions and user input, as well as a valid application response. ASM also includes built-in security policy templates that can quickly secure common applications.

ASM also protects applications using negative security by means of attack signatures. Attack signatures can detect and thwart attacks such as the latest known worms, SQL injections, cross-site scripting, and attacks that target commonly used databases, applications, and operating systems.

ASM provides multi-faceted DoS attack protection for web applications including proactive bot defense, bot signatures, CAPTCHA challenge, stress-based protection, and behavioral DoS.

All these features work together to identify threats and react to them according to your policy. Application traffic is analyzed by ASM and it can also be load balanced to the web application servers. You can configure ASM so that if malicious activity is detected, ASM can terminate the request, send a customized error page to the client, and prevent the traffic from reaching the back-end systems.

When to use application security

The decision about when to use Application Security Manager™ (ASM) to protect an application can be made on a case-by-case basis by each application and security team.

You can use ASM™ in many ways:

  • For securing existing web applications against vulnerabilities and known attack patterns, protecting sensitive data, and proactively identifying (and possibly blocking) attackers performing unauthorized activities.
  • To restrict access to a web application only from those locations identified on a whitelist or to prevent access from certain geolocations.
  • To help address external traffic vulnerability issues that it might not be cost effective to address at the application level.
  • As an interim solution while an application is being developed or modified to address vulnerability issues.
  • As a means to quickly respond to new threats. You can tune ASM to block new threats within a few hours of detection if needed.

These are just a few of the ways that ASM can be used to secure your web applications.

What is a security policy?

The core of Application Security Manager™ functionality centers around the security policy, which secures a web application server from malicious traffic, using both positive and negative security features. Positive security features indicate which traffic has a known degree of trust, such as which file types, URLs, parameters, or IP address ranges can access the web server. Negative security features provide the ability to detect and thwart known attack patterns, such as those defined in attack signatures. Security polices can also include protection against DoS attacks, brute force attacks, web scraping, cross-site request forgery, and multiple attacks from an IP address.

When a user sends a request to the web application server, the system examines the request to see if it meets the requirements of the security policy protecting the application. If the request complies with the security policy, the system forwards the request to the web application. If the request does not comply with the security policy, the system generates a violation (or violations), and then either forwards or blocks the request, depending on the enforcement mode of the security policy and the blocking settings on the violation.

The system can similarly check responses from the web server. Responses that comply with the security policy are sent to the client, but those that do not comply cause violations and may also be blocked.

Types of attacks ASM protects against

Application Security Manager™ (ASM) is a web application firewall that protects mission-critical enterprise Web infrastructure against application-layer attacks, and monitors the protected web applications. For example, ASM protects against web application attacks such as:

  • Layer 7 DoS/DDoS, brute force, and web scraping attacks
  • Malicious bot traffic
  • SQL injection attacks intended to expose confidential information or to corrupt content
  • Exploitations of the application memory buffer to stop services, get shell access, and propagate worms
  • Fraudulent transactions using cross-site request forgery (CSRF)
  • Unauthorized changes to server content
  • Attempts aimed at causing the web application to be unavailable or to respond slowly to legitimate users
  • Manipulation of cookies or hidden fields
  • Unknown threats, also known as zero-day threats
  • Access from unauthorized IP addresses or geolocations

The system can automatically develop a security policy to protect against security threats, and you can configure additional protections customizing the system response to threats.