Configuring F5 Advanced WAF (previously licensed as ASM)

Hakkında
“F5 Application Security Manager” training, students are provided with a functional understanding of
how to deploy, tune, and operate ASM to protect their web applications from HTTP-based attacks.
The course includes lecture, hands-on labs, and discussion about different ASM components for
detecting and mitigating threats from multiple attack vectors such web scraping, Layer 7 Denial of
Service, brute force, bots, code injection, and zero day exploits
Önkoşullar
There are no required F5 prerequisites for this course.
However, completing one of the following before attending would be very helpful for students
unfamiliar with BIG-IP:
Administering BIG-IP instructor-led course
F5 Certified BIG-IP Administrator
The following web-based courses, although optional, will be very helpful for any student with limited
BIG-IP administration and configuration experience:
Getting Started with BIG-IP web-based training
Getting Started with BIG-IP Application Security Manager (ASM) web-based training
Students should understand:
TMOS administration
Network concepts and configuration
Programming concepts
Security concepts and terminology
Web application delivery
Kurs Süresi
Instructor-led training: 4 days with hands-on lab practice
Virtual instructor-led training: 4 days of web-based classes with hands-on lab practice
Kurs İçeriği
The BIG-IP Application Security Manager course provides participants with the expertise needed to
detect, mitigate, and prevent HTTP-based attacks on web applications. The four-day lab intensive
course starts at the simplest level for quickly configuring and implementing an application security
policy and progresses through more complex configurations. The course includes detailed analysis
and hands-on exercises for protecting web applications from brute force, web scraping, layer 7
DDoS, and other current attack vectors.
Topics covered in this course include:
 Setting up the BIG-IP system
Traffic processing with BIG-IP Local Traffic Manager (LTM)
Web application concepts
Web application vulnerabilities
Security policy deployment
Attack signatures
Positive security building
Cookies and other headers
Reporting
User roles and administration
Advanced parameter handling
Application templates
Real Traffic Policy Builder
Vulnerability scanners
Login enforcement and session tracking
Anomaly detection
ASM and iRules
AJAX and JSON support
XML and web services support
Kurs Hedefleri

• Describe the role of the BIG-IP system as a full proxy device in an application delivery network
• Provision the Application Security Manager
• Define a web application firewall
• Describe how ASM protects a web application by securing file types, URLs, and parameters
• Deploy ASM using the Rapid Deployment template (and other templates) and define the security
checks included in each
• Define learn, alarm, and block settings as they pertain to configuring ASM
• Define attack signatures and explain why attack signature staging is important
• Contrast positive and negative security policy implementation and explain benefits of each
• Configure security processing at the parameter level of a web application
• Use an application template to protect a commercial web application
• Deploy ASM using the Automatic Policy Builder
• Tune a policy manually or allow automatic policy building
• Integrate third party application vulnerability scanner output into a security policy
• Configure login enforcement and session tracking
• Configure protection against brute force, web scraping, and Layer 7 denial of service attacks
• Implement iRules using specific ASM events and commands
• Use Content Profiles to protect JSON and AJAX-based applications
• Implement Bot Signatures
• Implement Proactive Bot Defense
Ders İçeriği
Chapter 1: Setting Up the BIG-IP System
Introducing the BIG-IP System
Initially Setting Up the BIG-IP System
Creating an Archive of the BIG-IP System
Leveraging F5 Support Resources and Tools
Chapter 2: Traffic Processing with BIG-IP
Understanding Traffic Processing with LTM
Overview of Local Traffic Policies and ASM
Chapter 3: Web Application Concepts
Anatomy of a Web Application
An Overview of Common Security Methods
Examining HTTP & Web Application Components
Examining HTTP Headers
Examining HTTP Responses
Examining HTML Components
How ASM parses File Types, URLs, & Parameters
Using the Fiddler HTTP proxy tool
Chapter 4: Web Application Vulnerabilities
Examining the OWASP Top 10 vulnerabilities
Summary of risk mitigation using ASM
Chapter 5: Security Policy Deployment
About Positive and Negative Security Models
Deployment Wizard: Local Traffic Deployment
Deployment Wizard: Configuration settings
 Violations and Security Policy Building
Reviewing Violations
Chapter 6: Attack Signatures
Defining Attack Signatures
Attack Signature Features
Defining Attack Signature Sets
About User-defined Attack Signatures
Updating Attack Signatures
Understanding Attack Signatures and staging
Chapter 7: Positive Security Policy Building
Defining Security Policy Components
Security Through Entity Learning
Reviewing Staging and Enforcement
Understanding the Selective mode
Learning Differentiation: Real threats vs. false positives
Chapter 8: Cookies and other Headers
Purposes of ASM Cookies
Understanding Allowed and Enforced Cookies
Configuring security processing on HTTP headers
Chapter 9: Reporting and Logging
Reporting capabilities in ASM
Generating a PCI Compliance Report
Generating an ASM Security Events Report
Chapter 10: User Roles, policy modification, and other deployments
Understanding User Roles & Partitions
Editing and Exporting Security Policies
Chapter 11: Lab Project 1
Chapter 12: Advanced parameter handling
Defining Parameters
Defining Static Parameters
Configuring Dynamic Parameters and Extractions
Chapter 13: Application-Ready Templates
Application-Ready Template Overview
Chapter 14: Real Traffic Policy Builder
Overview of the Real Traffic Policy Builder
Defining Policy Types
Real Traffic Policy Builder Rules
Chapter 15: Web Application Vulnerability Scanners
Integrating ASM with Application Vulnerability Scanners
Resolving Vulnerabilities
Using the generic XML scanner output
Chapter 16: Login Enforcement, Session tracking, and Flows
Defining Login Pages
Configuring Login Enforcement
Configuring session and user tracking
Defining Flows
Configuring Flow Control
Chapter 17: Anomaly Detection
Defining Anomaly Detection
Preventing Brute Force Attacks
Preventing Web Scraping
Geolocation Enforcement
Configuring IP Address Exceptions
Chapter 18: ASM and iRules
Defining iRules and iRule Events
Using ASM iRule Event Modes
iRule Syntax
ASM iRule Commands
Chapter 19: Web 2.0 Support: AJAX and JSON
Defining Asynchronous JavaScript and XML
Defining JavaScript Object Notation (JSON)
Configuring a JSON Profile
Chapter 20: XML and Web Services
Defining XML
Configuring an XML Profile
XML Attack Signatures
Chapter 21: Review and Final Labs
Kimler Katılmalı
This course is intended for security and network administrators who will be responsible for the
installation, deployment, tuning, and day-to-day maintenance of the Application Security Manager.
Sınavlar
F5-CTS ASM Requirements
– F5-CA Certification
Exam 303 - ASM Specialist