In this 4-day course, students are provided with a functional understanding of how to deploy, tune, and operate F5 Advanced Web Application Firewall to protect their web applications from HTTP-based attacks.
The course includes lecture, hands-on labs, and discussion about different F5 Advanced Web Application Firewall tools for detecting and mitigating threats from multiple attack vectors such web scraping, Layer 7 Denial of Service, brute force, bots, code injection, and zero day exploits.
This course is intended for SecOps personnel responsible for the deployment, tuning, and day-to-day maintenance of F5 Adv. WAF. Participants will obtain a functional level of expertise with F5 Advanced WAF, including comprehensive security policy and profile configuration, client assessment, and appropriate mitigation types.
There are no F5-technology-specific prerequisites for this course. However, completing the following before attending would be very helpful for students with limited BIG-IP administration and configuration experience:
The following free web-based training courses, although optional, will be very helpful for any student with limited BIG-IP administration and configuration experience.
The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:
Chapter 1: Setting Up the BIG-IP System
Chapter 2: Traffic Processing with BIG-IP
Chapter 3: Web Application Concepts
Chapter 4: Web Application Vulnerabilities
Chapter 5: Security Policy Deployment
Chapter 6: Policy Tuning and Violations
Chapter 7: Attack Signatures and Threat Campaigns
Chapter 8: Positive Security Policy Building
Chapter 9: Securing Cookies and Other Headers
Chapter 10: Visual Reporting and Logging
Chapter 11: Lab Project 1
Chapter 12: Advanced Parameter Handling
Chapter 13: Automatic Policy Building
Chapter 14: Web Application Vulnerability Scanner Integration
Chapter 15: Deploying Layered Policies
Chapter 16: Login Enforcement and Brute Force Mitigation
Chapter 17: Reconnaissance with Session Tracking
Chapter 18: Layer 7 DoS Mitigation
Chapter 19: Advanced Bot Defense
Chapter 20: Form Encryption using DataSafe
Chapter 21: Review and Final Labs