F5, Partners Offer Service to Detect, Fix Web App Vulnerabilities

F5 and its partners, Cenzic and WhiteHat, are offering customers free vulnerability scans to see how well the service can work.

F5 Networks is partnering with Cenzic and WhiteHat Security to offer businesses a service designed to reduce their exposure to security breaches by testing and mitigating the vulnerability of their Web applications.

In hopes of giving customers some insight into what F5's Big-IP Application Security Manager (ASM) Vulnerability Mitigation Assessment service can do, the vendor is offering businesses free application vulnerability assessment scans, which will identify threats and create an XML file that can be used by Big-IP ASM to mitigate the issues.

The service, announced July 9, comes as more businesses are offering their services online, according to Manny Rivelo, executive vice president of security and strategy solutions at F5. However, many businesses don't have a strategy around application security.

"The CIOs and CISOs [chief information security officers] I meet with are chartered with driving more services online, but are extremely concerned about the security risks in today's dynamic threat environment," Rivelo said in a statement. "Yet, in many cases, enterprises do not execute an application security strategy because they do not have proof that their applications are vulnerable. With this offering of free vulnerability scans, F5 is making it easier to build the business case for enterprises to adopt a Web application security plan and ensure their applications are safe and their brand is protected."

Big-IP ASM Vulnerability Mitigation Assessment service leverages the dynamic application security testing (DAST) solutions from Cenzic and WhiteHat to enable businesses to be proactive in determining and addressing Web application vulnerabilities that could lead to data breaches, which F5 officials said could harm everything from a company's reputation to its finances.

F5 is integrating its Big-IP ASM v11.2 solution with the XML API from Cenzic and WhiteHat to create the service, according to F5 officials. With the offering, IT departments can continuously test and verify any application vulnerabilities, mitigate those vulnerabilities with a single click and ensure the quality of the mitigation through the testing infrastructure via the DAST solutions from Cenzic and WhiteHat.

It's managed through F5's ASM interface. Once application vulnerabilities are identified via the Cenzic Cloud or WhiteHat Sentinel solutions, the Big-IP ASM Vulnerability Mitigation Assessment service creates a report for IT staffs outlining the vulnerabilities and steps needed to fix the problems, according to F5 officials.

The free scan has been released as part of Big-IP ASM v11.2, which is available immediately. According to an F5 spokesperson, the number of scans and number of sites available for a free scan and assessment may vary based on what Cenzic and WhiteHat offer and the needs and requirements of the customer. However, the free scan offered with the Big-IP ASM evaluation or trial is generally for a single site of Web applications a company runs.

Users have access to free 30- to 90-day vulnerability assessment scans from Cenzic and WhiteHat.

The free assessment scan will identify threats to the Web applications and create the XML file, which then can be used by F5's Big-IP ASM gateway to mitigate the issues. After the vulnerabilities are found and mitigated, users can run another scan to see how successful the mitigation was, according to F5.

If a business signs up with the Big-IP ASM Vulnerability Mitigation Assessment service, it can go deeper for technical and business logic vulnerability testing. Service customers also can run as many scans as they want.

F5's Big-IP ASM Vulnerability Mitigation Assessment service will be available in August.