F5-ASM-11

F5 Networks Configuring BIG-IP ASM v11: Application Security Manager

Description

Learn skills in this 4 day instructor led course to manage Web-based and XML application attacks and use Application Security Manager to defend against these attacks, including building security policies, utilizing traffic learning, deploying Application Security Manager with various applications, and testing using realistic web site traffic.

Outline

Lesson 1 : Setting up the BIG-IP System
  • Introducing the BIG-IP System
  • Initially Setting Up the BIG-IP System
  • Configuring the Management Interface
  • Provisioning Modules and Resources
  • Importing a Device Certificiate
  • Specifying BIG-IP Platform Properties
  • Configuring the Network
  • Configuring NTP Servers
  • Configuring DNS Settings
  • Configuring High Availability Options
  • Configuring a Standard Pair
  • Creating an Archive of the BIG-IP System
  • Leveraging F5 Support Resources and Tools
Lesson 2 : Traffic Processing with BIG-IP
  • Understanding Traffic Processing with LTM
  • Understanding Network Packet Flow
  • Understanding Profiles and ASM
  • Overview of Local Traffic Policies and ASM
Lesson 3 : Web Application Concepts
  • Anatomy of a web application
  • An Overview of Common Security Methods
  • Examining HTTP and Web Application Components
  • Examining HTTP Headers
  • Examining HTTP Responses
  • Examining HTML Components
  • How ASM Parses File Types, URLs, and Parameters
  • Using the Fiddler HTTP proxy tool
Lesson 4 : Web Application Vulnerabilities
  • OWASP Top 10 (2013)
  • Summary of Risk Mitigation using ASM
Lesson 5 : Security Policy Deployment
  • About Positive and Negative Security Models
  • Deployment Wizard: Policy creation scenarios
  • Features of the Rapid Deployment template
  • Deployment Wizard: Local Traffic Deployment
  • Deployment Wizard: Configuration Settings
  • Enforcement Settings
  • Reviewing Requests
  • Violations and Security Policy Building
  • Reviewing Violations
  • Security Policy Blocking Settings
  • Configuring the Blocking Response Page
  • Configuring Data Guard
Lesson 6 : Attack Signatures
  • Defining Attack Signatures
  • Attack Signature Features
  • Defining Attack Signature Sets
  • About User-defined Attack Signatures
  • Updating Attack Signatures
  • Understanding Attack Signatures and staging
Lesson 7 : Positive Security Policy Building
  • Defining Security Policy Components
  • Choosing an Explicit Entities Learning Scheme
  • Understanding Add All Entities
  • Security through Entity Learning
  • Reviewing Staging and Enforcement
  • Understanding Never (Wildcard Only)
  • Using the Selective mode
  • Learning Differentiation: Real threats vs. false positives
Lesson 8 : Cookies and other Headers
  • Purpose of ASM Cookies
  • Understanding Allowed and Enforced Cookies
  • Configuring security processing on HTTP headers
Lesson 9 : Reporting and Logging
  • Reporting Capabilities in ASM
  • Generating an ASM Security Events Report
  • Viewing Logs
  • Understanding Logging Profiles
Lesson 10 : User Roles, policy modification, and other deployments
  • Understanding User Roles and Partitions
  • Editing and Exporting Security Policies
  • Examples of ASM Deployment Types
  • Overview of ASM Synchronization
  • Collecting diagnostic data with asmqkview
Lesson 11 : Lab Project 1Lesson 12 : Advanced Parameter Handling
  • Defining Parameters
  • Defining Static Parameters
  • Understanding Dynamic Parameters and Extractions
  • Defining Parameter Levels
  • Understanding Attack Signatures and Parameters
Lesson 13 : Application–ready Templates
  • Application-Ready Template Overview
Lesson 14 : Real Traffic Policy Builder
  • Overview of the Real Traffic Policy Builder
  • Policy Building Steps
  • Defining Policy Types
  • Real Traffic Policy Builder Rules
Lesson 15 : Web Application Vulnerability Scanners
  • Integrating ASM with Application Vulnerability Scanners
  • Resolving Vulnerabilities
  • Using the generic XML scanner output
Lesson 16 : Login Enforcement, Session Tracking, and Flows
  • Defining Login Pages
  • Defining Session Awareness and User Tracking
  • Defining Flows
Lesson 17 : Anomaly Detection
  • Defining Anomaly Detection
  • Preventing Web Scraping
  • Preventing Denial of Service Attacks
  • Configuring Geolocation Enforcement
  • Configuring IP Address Exceptions
Lesson 18 : ASM and iRules
  • Defining iRules and iRule events
  • Using ASM iRule Event Modes
  • iRule syntax
  • ASM iRule Commands
Lesson 19 : AJAX and JSON Support
  • Defining Asynchronous JavaScript and XML
  • Defining JavaScript Object Notation
  • Configuring a JSON profile
Lesson 20 : XML and web services
  • Defining XML
  • Defining Web Services
  • Configuring an XML profile
  • Schema and WSDL Configuration
  • XML Attack Signatures
  • Using Web Services Security
Lesson 21 : Review and Final Lab Projects
  • Final Lab Project Option 1: Custom Rule for ASM-enabled local traffic policies
  • Final Lab Project Option 2: Production Scenario
  • Final Lab Project Option 3: JSON Parsing
  • Final Lab Project Option 4: XML & Web Services
Lesson 22 : Additional Training and Certifications

PreRequisites

Administering BIG-IP; basic familiarity with HTTP, HTML and XML; basic web application and security concepts.
$3995.00 List Price

4 Days Course

Class Dates

We don't have a public class scheduled currently. However, we can offer Private Training for your group or we can add a public class date. Let us know your interest. Request a Private Class or Request a Class Date with links below.

Pre-Paid
Categories: , Tags: ,
Loading ...