Reduce risk and save time by:
Organizations today are challenged to not just measure their application security risk, but also fix the vulnerabilities that create that risk. Unfortunately, it’s not as simple as it sounds; many application vulnerabilities require code changes that can be costly and time consuming to implement, and entail constant back-and-forth between security and development teams to identify, validate, and fix. Sound painful? It often is.
That’s why F5 BIG-IP® Application Security Manager™ (ASM) integrates with Rapid7 AppSpider to reduce the amount of time you’re left exposed to attack while longer-term fixes are built and implemented.
AppSpider’s Defend capability enables you to close security gaps in applications while the development team works to deliver a source code patch. AppSpider will generate Web Application Firewall (WAF) rules custom to the vulnerabilities that are identified. These virtual patches are tailored to specific vulnerabilities found in a target application so that the highest level of protection can be applied by the WAF. Through the integration with F5®’s BIG-IP® Application Security Manager™ (ASM), WAF rules generated by AppSpider can be immediately imported into F5 BIG-IP ASM for remediation that takes only minutes—not the days and weeks required by a source code patch. After the custom rule is enforced by an F5 BIG-IP ASM policy, AppSpider can also test the virtual patch and confirm the security gap is closed with its interactive attack replay feature.
Figure 1: AppSpider and F5 BIG-IP Application Security Manager (ASM) integrate to reduce the time vulnerable applications are exposed to attack.