F5 Networks Configuring BIG-IP ASM: Application Security Manager

Learn skills to manage Web-based and XML application attacks and use Application Security Manager to defend against these attacks, including building security policies, utilizing traffic learning, deploying Application Security Manager with various applications, and testing using realistic web site traffic.

Course Outline

Lesson 1 : Setting up BIG-IP System

Introducing the BIG-IP System

Initially Setting Up the BIG-IP System

Archiving the BIG-IP Configuration

F5 Support Resources and Tools

Lesson 2 : Traffic Processing with BIG-IP

Identifying BIG-IP Traffic Processing Objects

Understanding Network Packet Flow

Understanding Profiles

Overview of Local Traffic Policies and ASM

Lesson 3 : Web Application Concepts

Anatomy of a web application

An Overview of Common Security Methods

Examining HTTP and Web Application Components

Examining HTTP Headers

Examining HTTP Responses

Examining HTML Components

How ASM Parses File Types, URLs, and Parameters

Using the Fiddler HTTP proxy tool

Lesson 4 : Web Application Vulnerabilities

OWASP Top 10 Vulnerabilities

Lesson 5 : Security Policy Deployment

Comparing Positive and Negative Security

Using the Deployment Wizard

Deployment Wizard: Local Traffic Deployment

Deployment Wizard: Workflow

Reviewing Requests

Security Checks offered by Rapid Deployment

Configuring Data Guard

Lesson 6 : Policy Tuning and Violations

Post-Configuration Traffic Processing

Defining False Positives

How Violations are Categorized

Violation Ratings

Enforcement Settings and Staging: Policy Control

Defining Signature Staging

Defining Enforcement Readiness Period

Defining Learning

Violations and Learning Suggestions

Learning Mode: Automatic or Manual

Defining Learn, Alarm and Block settings

Interpreting Enforcement Readiness Summary

Configuring the Blocking Response Page

Lesson 7 : Attack Signatures

Defining Attack Signatures

Creating User-Defined Attack Signatures

Attack Signature Normalization

Attack Signature Structure

Defining Attack Signature Sets

Defining Attack Signature Pools

Updating Attack Signatures

Understanding Attack Signatures and Staging

Lesson 8 : Positive Security Policy Building

Defining Security Policy Components

Choosing an Explicit Entities Learning Scheme

How to learn: Add All Entities

Staging and Entities: The Entity Lifecycle

How to Learn: Never (Wildcard Only)

How to Learn: Selective

Learning Differentiation: Real Threats vs. False positives

Lesson 9 : Cookies and Other Headers

ASM Cookies: What to Enforce

Understanding Allowed and Enforced Cookies

Configuring Security Processing on HTTP Headers

Lesson 10 : Reporting and Logging

Reporting Capabilities in ASM

Viewing DoS Reports

Generating an ASM Security Events Report

Viewing Log files and Local Facilities

Understanding Logging Profile

Lesson 11 : User Roles and Policy Modification

Understanding User Roles and Partitions

Comparing Policies

Editing and Exporting Security Policies

Examples of ASM Deployment Types

Overview of ASM Synchronization

Collecting Diagnostic Data with asmqkview

Lesson 12 : Lab Project

Lab Project 1

Lesson 13 : Advanced Parameter Handling

Defining Parameters

Defining Static Parameters

Understanding Dynamic Parameters and Extractions

Defining Parameter Levels

Understanding Attack Signatures and Parameters

Lesson 14 : Application-Ready Templates

Application Template Overview

Lesson 15 : Automatic Policy Building

Overview of Automatic Policy Building

Choosing a Policy Type

Defining Policy Building Process Rules

Defining the Learning Score

Lesson 16 : Web Application Vulnerability Scanners

Integrating ASM with Vulnerability Scanners

Importing Vulnerabilities

Resolving Vulnerabilities

Using the Generic XML Scanner Output

Lesson 17 : Login Enforcement & Session Tracking

Defining a Login URL

Defining Session Awareness and User Tracking

Lesson 18 : Brute force and Web Scraping Mitigation

Defining Anomalies

Mitigating Brute Force Attacks

Defining Session-Based Brute Force Protection

Defining Dynamic Brute Force Protection

Defining the Prevention Policy

Mitigating Web Scraping

Defining Geolocation Enforcement

Configuring IP Address Exceptions

Lesson 19 : Layer 7 DoS Mitigation

Defining Denial of Service Attacks

Defining General Settings L7 DoS Profile

Defining TPS-Based DoS Protection

Defining Operation Mode

Defining Mitigation Methods

Defining Stress-Based Detection

Defining Proactive Bot Defense

Using Bot Signatures

Lesson 20 : ASM and iRules

Defining Application Security iRule Events

Using ASM iRule Event Modes

iRule Syntax

ASM iRule Commands

Lesson 21 : XML and Web Services

Defining XML

Defining Web Services

Configuring an XML Profile

Schema and WSDL Configuration

XML Attack Signatures

Using Web Services Security

Lesson 22 : Web 2.0 Support: JSON Profiles

Defining Asynchronous JavaScript and XML

Defining JavaScript Object Notation

Configuring a JSON Profile

Lesson 23 : Review and Final Labs

Lesson 24 : Additional Training and Certification

Getting Started Series Web-Based Training

F5 Instructor Led Training Curriculum

F5 Professional Certification Program

Audience

This course is intended for security and network administrators who will be responsible for the installation, deployment, tuning, and day-to-day maintenance of the Application Security Manager.

Available Course Dates

10/02/2017 10:00 am - 10/05/2017 6:00 pm
11/06/2017 10:00 am - 11/09/2017 6:00 pm
12/11/2017 10:00 am - 12/14/2017 6:00 pm
Click here to sign up for this class