This course gives participants a functional understanding of how to deploy, tune, and operate BIG-IP Application Security Manager (ASM) to protect their web applications from HTTP-based attacks. The course includes lecture, hands-on labs, and discussion about different ASM components for detecting and mitigating threats from multiple attack vectors such as web scraping, Layer 7 Denial of Service, brute force, bots, code injection, and zero-day exploits.
At the end of this course, the student will be able to:
This course is intended for SecOps personnel responsible for the deployment, tuning, and day-to-day maintenance of ASM (Application Security Manager). Participants will obtain a functional level of expertise with ASM, including comprehensive security policy and profile configuration, client assessment, and appropriate mitigation types.
There are no F5-technology-specific prerequisites for this course. However, completing the following before attending would be very helpful for students with limited BIG-IP administration and configuration experience:
The following free web-based training courses, although optional, will be very helpful for any student with limited BIG-IP administration and configuration experience. These courses are available from the LearnF5 Training and Education Hub (https://www.f5.com/services/training):
The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:
· OSI model encapsulation
· Routing and switching
· Ethernet and ARP
· TCP/IP concepts
· IP addressing and subnetting
· NAT and private IP addressing
· Default gateway
· Network firewalls
· LAN vs. WAN
The Configuring Application Security Manager v14 course now includes lab and lecture content for L7 Behavioral DoS, and a new chapter on Advanced Bot Defense as a result of Unified Bot Defense changes in the product. To facilitate four-day delivery, lecture and lab material for previous Chapter 13: Policy Diff and Administration, Chapter 20: F5 Advanced WAF and iRules, and Chapter 21: Using Content Profiles have been moved to add-ons and are also available as part of the Training Pass web-based training offering.
v14 COURSE OUTLINE
Chapter 1: Setting Up the BIG-IP System
Chapter 2: Traffic Processing with BIG-IP
Chapter 3: Web Application Concepts
Chapter 4: Exploiting Web Application Vulnerabilities
Chapter 5: Security Policy Deployment
Chapter 6: Policy Tuning and Violations
Chapter 7: Using Attack Signatures
Chapter 8: Positive Security Policy Building
Chapter 9: Securing Cookies and Other Headers
Chapter 10: Visual Reporting and Logging
Chapter 11: Lab Project 1
Chapter 12: Advanced Parameter Handling
Chapter 13: Automatic Policy Building
Chapter 14: Web Application Vulnerability Scanner Integration
Chapter 15: Deploying Layered Policies
Chapter 16: Login Enforcement and Brute Force Mitigation
Chapter 17: Reconnaissance with Session Tracking
Chapter 18: Layer 7 DoS Protection
Chapter 19: Advanced Bot Defense
Chapter 20: Review and Final Labs
v13 COURSE OUTLINE
Chapter 1: Setting Up the BIG-IP System
Chapter 2: Traffic Processing with BIG-IP
Chapter 3: Web Application Concepts
Chapter 4: Common Web Application Vulnerabilities
Chapter 5: Security Policy Deployment
Chapter 6: Policy Tuning and Violations
Chapter 7: Attack Signatures
Chapter 8: Positive Security Policy Building
Chapter 9: Cookies and Other Headers
Chapter 10: Reporting and Logging
Chapter 11: Lab Project 1
Chapter 12: Advanced Parameter Handling
Chapter 13: Policy Diff and Administration
Chapter 14: Using Application-Ready Templates
Chapter 15: Automatic Policy Building
Chapter 16: Web Application Vulnerability Scanner Integration
Chapter 17: Layered Policies
Chapter 18: Login Enforcement, Brute Force Mitigation, and Session Tracking
Chapter 19: Web Scraping Mitigation and Geolocation Enforcement
Chapter 20: Layer 7 DoS Mitigation and Advanced Bot Protection
Chapter 21: ASM and iRules
Chapter 22: Using Content Profiles
Chapter 23: Review and Final Labs
SKU: F5-SVC-TRG-UNIT
Course Length: 4 days
Training Unit Price: 80
Designed for:
Network Administrator