Getting Started with Application Security Management

Overview

Datadog Application Security Management (ASM) helps secure your web applications and APIs in production. ASM provides visibility into application-level vulnerabilities in your services, and protects in real-time from attacks and attackers that aim to exploit these vulnerabilities.

This guide walks you through best practices for getting your team up and running with ASM.

Identify services that have security risk

Identify services vulnerable or exposed to attacks that would benefit from ASM. Navigate to the ASM Setup page and select the services recommended there.

ASM Services page view, showing Vulnerabilities and sorted by Suspicious requests column.

These security insights are detected from data reported by APM. The insights help prioritize your security efforts. ASM identifies, prioritizes, and helps remediate all security risks on your services.

Note: If no vulnerabilities or suspicious requests are reported, ensure your services are using a recent Datadog tracing library version. From the APM Service Catalog, open any service’s side panel and look at its Tracing Configuration.

Tracer Configuration tab in APM Service Catalog page view. Highlighting which version of the Datadog Agent, and Datadog tracing library are being used by your services.

Enable ASM

Enable ASM with in-app instructions

Go to the ASM Setup page and follow the instructions to get started. This includes:

  • Guided selection of services that would benefit from ASM.
  • Configuring your Datadog tracing libraries with an environment variable.
  • Restarting your services.
  1. Go to ASM and click Get Started with ASM.
  2. Select services exposed to risk that are recommended by Datadog.
  3. Follow the instructions to get started with ASM.

Enable ASM with Remote Configuration

Prerequisites:

Setup Remote Configuration (if not enabled already)

Follow the steps to enable Remote Configuration in your Datadog UI. This includes:

  1. Activate Remote Config capability for your organization.
  2. Add Remote Configuration capability to an existing API key, or create a new one.
  3. Update your Datadog Agent configuration to use the API key with Remote Configuration capability.

See Setting up Remote Configuration for more information.

Test ASM

Once enabled, ASM immediately identifies application vulnerabilities and detects attacks and attackers targeting your services.

  1. Validate vulnerabilities: Navigate to the Vulnerabilities tab, triage and remediate your vulnerabilities.
  2. Validate attacks: Send attack patterns to trigger a test detection rule. From your terminal, run the following script:
  for ((i=1;i<=200;i++)); do
  # Target existing service's routes
  curl https://your-application-url/<EXISTING ROUTE> -A
  'dd-test-scanner-log';
  # Target non existing service's routes
  curl https://your-application-url/<NON-EXISTING ROUTE> -A
  'dd-test-scanner-log';
  done
  1. Go to Security Signals Explorer to see the signal that is generated after a few seconds.

Reports and notifications

  1. Set up notification rules to receive alerts using Slack, Jira, email, and more.
  2. Subscribe to the weekly threat digest reports to begin investigation and remediation of the most important security threats discovered in the last seven days.

Interested in best practices to go further? View the in-product Quickstart Guide.

Further reading

Additional helpful documentation, links, and articles:

Application Security terms and conceptsDOCUMENTATION more more How Application Security Management worksDOCUMENTATION more more Enabling ASMDOCUMENTATION more more Join an interactive session to elevate your security and threat detectionFOUNDATION ENABLEMENT more more Getting Started with Application Vulnerability ManagementGUIDE more more Security research, reports, tips, and videos from DatadogSECURITY LABS more more