SUPPORT

24/5 Hotline Support Service

+44 (0)20 3588 3841

Open a Support Ticket

support@netsparker.com

Generating F5 BIG-IP Application Security Manager WAF Rules From Netsparker

If you can't immediately fix all vulnerabilities that Netsparker has detected, you can cover them up and defer fixing them until another time. You do this by exporting Netsparker's findings as rules for the BIG-IP Application Security Manager (ASM). This function is available in both Netsparker Enterprise and Netsparker Enterprise, though how it works is different for each edition.

  • In Netsparker Enterprise, you can only export a whole scan. It is not possible to export a single vulnerability. Should you wish to import a single vulnerability rule, you can manually modify the exported ASM configuration file.
  • In Netsparker Standard, it is possible to either export the information about a single vulnerability as an ASM rule or export information about all the vulnerabilities identified during the scan.

After the rules are imported, the BIG-IP ASM will then block any requests made by malicious hackers.

F5 BIG-IP ASM WAF Rules Netsparker Scanner Export

WAF rules are generated according to ‘Generic Schema’. The result rules are xml formatted.

Types of Vulnerabilities Netsparker Scanners Export as F5 BIG-IP ASM Rules

Not all vulnerabilities can be covered up by blocking access to a specific URL with a web application firewall, therefore not all vulnerabilities can be exported as ModSecurity rules. For example, security flaws related to HTTP Cookies, sensitive comments in source code, application source code disclosure and other similar vulnerabilities will not be exported.

How To Export F5 BIG-IP ASM WAF Rules from Netsparker Enterprise

  1. From the main menu, click Scans, then Recent Scans. The Scans window is displayed.
  2. Next to the relevant scan, click Report. The Executive Summary window is displayed.
  3. Click Export. The Export Report dialog box is displayed.

  1. From the Report dropdown, select BIG-IP ASM WAF Rules.
  2. From the Format dropdown, select TXT.
  3. Click Export. The Save As dialog opens.
  4. Select a save location and click Save. You can then use the downloaded rules in your web application firewall.

How to Export F5 BIG-IP ASM WAF Rules from Netsparker Standard

  1. Once the scan has finished, navigate to the Issues pane and select a single vulnerability (in this example, Cross-site Scripting).

  1. From the Reporting tab, click BIG-IP ASM WAF Rules.

The Save Report As dialog is displayed.

  1. In the Filename field, enter a name, and click Save. The Export Report dialog is displayed with the Path (generated from the location and filename from the previous step) already displayed.

  1. From the Policy dropdown, select an option.
  2. The Open Generated Report checkbox is already selected (which opens the report on completion). Deselect this option if required.
  3. Click Save. The BIG-IP ASM WAF Rules Report is opened in your default text editor.
Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO