Courses

    Pages & Posts

      • IT Training
        • Amazon Cloud (AWS)
        • Analytics and Big Data
        • Cisco
        • Citrix
        • Cloud Computing
        • CompTIA Certification
        • Cybersecurity
        • Deep Learning and AI
        • Development Tools
        • DevOps
        • F5
        • FlexPod
        • IBM
        • IT Security
        • Java
        • Juniper Networks
        • Linux
        • Microsoft
        • Mobile Computing
        • NetApp
        • Oracle
        • Salesforce
        • VMware
        • Web Development, HTML, and JavaScript
        • WebSphere
      • Business Training
        • Business Analysis
        • Enterprise Architecture
        • HIPAA Certification & Training
        • IT Governance
        • ITIL® Certification
        • Project Management
        • Salesforce
        • Scrum & Agile
        • Seminars
      • Services
        • APM Practice
        • Authorized Cisco Training
        • BPM Practice
        • Cloudera Training
        • Distance Learning
        • ITIL® Certification
        • Linux Certification Training
        • Media Security Solutions
        • Microsoft 365
        • Microsoft Official Courses On Demand
        • NetApp Training
        • Salesforce Training
        • Training Facilities
        • Visual Studio TFS Training
        • Enterprise Training Solutions
        • Room Rentals
        • State & Local Government
      • Student Resources
        • Ohio Workforce Training Voucher Program
        • Student Guide / Daily Schedule
        • College Credits / Tuition Reimbursement
        • Career Programs (WIA)
        • Student Policies
        • Testing & Certifications
        • Promotions
        • Local Hotels
        • Local Restaurants
      • F5 Networks Configuring BIG-IP ASM: Application Security Manager v12

      Course Details

      Download PDF
      F5-ASMv12
      4 Days
      04/23/2018 $3,995.00
      Sign Up for This Class

      F5 Networks Configuring BIG-IP ASM: Application Security Manager v12

      Share this course

      Tweet Share
      babsimLIVE Delivery

      Learn skills to manage Web-based and XML application attacks and use Application Security Manager to defend against these attacks, including building security policies, utilizing traffic learning, deploying Application Security Manager with various applications, and testing using realistic web site traffic.

      • Course Outline
      • Audience
      • Available Dates

      Course Outline

      Lesson 1 : Setting up BIG-IP System

      • Introducing the BIG-IP System
      • Initially Setting Up the BIG-IP System
      • Archiving the BIG-IP Configuration
      • F5 Support Resources and Tools

      Lesson 2 : Traffic Processing with BIG-IP

      • Identifying BIG-IP Traffic Processing Objects
      • Understanding Network Packet Flow
      • Understanding Profiles
      • Overview of Local Traffic Policies and ASM

      Lesson 3 : Web Application Concepts

      • Anatomy of a web application
      • An Overview of Common Security Methods
      • Examining HTTP and Web Application Components
      • Examining HTTP Headers
      • Examining HTTP Responses
      • Examining HTML Components
      • How ASM Parses File Types, URLs, and Parameters
      • Using the Fiddler HTTP proxy tool

      Lesson 4 : Web Application Vulnerabilities

      • OWASP Top 10 Vulnerabilities

      Lesson 5 : Security Policy Deployment

      • Comparing Positive and Negative Security
      • Using the Deployment Wizard
      • Deployment Wizard: Local Traffic Deployment
      • Deployment Wizard: Workflow
      • Reviewing Requests
      • Security Checks offered by Rapid Deployment
      • Configuring Data Guard

      Lesson 6 : Policy Tuning and Violations

      • Post-Configuration Traffic Processing
      • Defining False Positives
      • How Violations are Categorized
      • Violation Ratings
      • Enforcement Settings and Staging: Policy Control
      • Defining Signature Staging
      • Defining Enforcement Readiness Period
      • Defining Learning
      • Violations and Learning Suggestions
      • Learning Mode: Automatic or Manual
      • Defining Learn, Alarm and Block settings
      • Interpreting Enforcement Readiness Summary
      • Configuring the Blocking Response Page

      Lesson 7 : Attack Signatures

      • Defining Attack Signatures
      • Creating User-Defined Attack Signatures
      • Attack Signature Normalization
      • Attack Signature Structure
      • Defining Attack Signature Sets
      • Defining Attack Signature Pools
      • Updating Attack Signatures
      • Understanding Attack Signatures and Staging

      Lesson 8 : Positive Security Policy Building

      • Defining Security Policy Components
      • Choosing an Explicit Entities Learning Scheme
      • How to learn: Add All Entities
      • Staging and Entities: The Entity Lifecycle
      • How to Learn: Never (Wildcard Only)
      • How to Learn: Selective
      • Learning Differentiation: Real Threats vs. False positives

      Lesson 9 : Cookies and Other Headers

      • ASM Cookies: What to Enforce
      • Understanding Allowed and Enforced Cookies
      • Configuring Security Processing on HTTP Headers

      Lesson 10 : Reporting and Logging

      • Reporting Capabilities in ASM
      • Viewing DoS Reports
      • Generating an ASM Security Events Report
      • Viewing Log files and Local Facilities
      • Understanding Logging Profile

      Lesson 11 : User Roles and Policy Modification

      • Understanding User Roles and Partitions
      • Comparing Policies
      • Editing and Exporting Security Policies
      • Examples of ASM Deployment Types
      • Overview of ASM Synchronization
      • Collecting Diagnostic Data with asmqkview

      Lesson 12 : Lab Project

      • Lab Project 1

      Lesson 13 : Advanced Parameter Handling

      • Defining Parameters
      • Defining Static Parameters
      • Understanding Dynamic Parameters and Extractions
      • Defining Parameter Levels
      • Understanding Attack Signatures and Parameters

      Lesson 14 : Application-Ready Templates

      • Application Template Overview

      Lesson 15 : Automatic Policy Building

      • Overview of Automatic Policy Building
      • Choosing a Policy Type
      • Defining Policy Building Process Rules
      • Defining the Learning Score

      Lesson 16 : Web Application Vulnerability Scanners

      • Integrating ASM with Vulnerability Scanners
      • Importing Vulnerabilities
      • Resolving Vulnerabilities
      • Using the Generic XML Scanner Output

      Lesson 17 : Login Enforcement & Session Tracking

      • Defining a Login URL
      • Defining Session Awareness and User Tracking

      Lesson 18 : Brute force and Web Scraping Mitigation

      • Defining Anomalies
      • Mitigating Brute Force Attacks
      • Defining Session-Based Brute Force Protection
      • Defining Dynamic Brute Force Protection
      • Defining the Prevention Policy
      • Mitigating Web Scraping
      • Defining Geolocation Enforcement
      • Configuring IP Address Exceptions

      Lesson 19 : Layer 7 DoS Mitigation

      • Defining Denial of Service Attacks
      • Defining General Settings L7 DoS Profile
      • Defining TPS-Based DoS Protection
      • Defining Operation Mode
      • Defining Mitigation Methods
      • Defining Stress-Based Detection
      • Defining Proactive Bot Defense
      • Using Bot Signatures

      Lesson 20 : ASM and iRules

      • Defining Application Security iRule Events
      • Using ASM iRule Event Modes
      • iRule Syntax
      • ASM iRule Commands

      Lesson 21 : XML and Web Services

      • Defining XML
      • Defining Web Services
      • Configuring an XML Profile
      • Schema and WSDL Configuration
      • XML Attack Signatures
      • Using Web Services Security

      Lesson 22 : Web 2.0 Support: JSON Profiles

      • Defining Asynchronous JavaScript and XML
      • Defining JavaScript Object Notation
      • Configuring a JSON Profile

      Lesson 23 : Review and Final Labs Lesson 24 : Additional Training and Certification

      • Getting Started Series Web-Based Training
      • F5 Instructor Led Training Curriculum
      • F5 Professional Certification Program

      Audience

      This course is intended for security and network administrators who will be responsible for the installation, deployment, tuning, and day-to-day maintenance of the Application Security Manager.

      Available Course Dates

      04/23/2018 10:00 am - 04/26/2018 6:00 pm babsimLive Delivery
      05/29/2018 10:00 am - 06/01/2018 6:00 pm babsimLive Delivery
      Click here to sign up for this class

      Related Courses

      F5 Networks Configuring BIG-IP AFM: Advanced ...

      Students are introduced to the AFM user interface, stepping through various opti...

      View course details

      F5 Networks Configuring BIG-IP APM: Access Po...

      F5 BIG-IP Access Policy Manager (APM) is a flexible, high-performance access and...

      View course details

      F5 Networks Configuring BIG-IP DNS: Domain Na...

      This course gives networking professionals a functional understanding of the BIG...

      View course details

      F5 Networks Configuring BIG-IP LTM: Local Tra...

      Provides networking professionals a functional understanding of the BIG-IP LTM v...

      View course details

      F5 Networks Securing Apps with F5 Solutions...

      This Security Workshop provides participants with an opportunity to experiment w...

      View course details

      F5 Networks Troubleshooting BIG-IP v12...

      This two-day course provides networking professionals with an introduction to th...

      View course details

      College Credit, CEUs, PDUs and CDUs
      When you take courses with the Babbage Simmel, be sure you get the credit you deserve. Curriculum offered by Babbage Simmel can earn you college credit, CEUs, PDUs or CDUs.

      College Credit
      Select curriculum offered by Babbage Simmel is part of the accredited University of Findlay's undergraduate course catalogs. For questions please E-Mail: info@babsim.com or call 614-481-4345.

      Continuing Education Units (CEUs)
      Continuing Education Units (CEUs) are nationally recognized standard units of measurement earned for satisfactory completion of qualified programs of continuing education. If you need more information about CEUs, please E-Mail: info@babsim.com or call 614-481-4345.

      Professional Development Units (PDUs)
      Professional Development Units (PDUs) can be issued by PMI® for formal learning activities related to project management. Project Management Professionals (PMPs®) are required to earn a minimum of 60 PDUs every 3 years to maintain certification. For more information about this program go to the PMI® web site or call 1-855 746 4849.

      Continuing Development Units (CDUs)
      CDUs may be earned by attending professional development (e.g. courses, seminars) offered by organizations endorsed by IIBA® and designated as an EEP vendor. As an IIBA Endorsed Education Provider (EEP) Babbage Simmel's IIBA® endorsed courses qualify for CDU credit. For more information about CDUs go the IIBA® web site or call 1-647-426-3735.

      Our babsimLIVE distance learning brings the classroom learning experience to you by seating you virtually into a real-life instructor-led classroom taught by award winning world-class instructors with other IT professionals like yourself. From the comfort of your home, workplace, or at the Babbage Simmel Columbus Campus, you acquire the training you need, when you want it, in the environment that is most comfortable for you to be successful.

      About Us Contact Us Blog Find A Course

      © Copyright 2018 • Babbage Simmel. All Rights Reserved. Columbus Web Design by Jetpack | Privacy Policy