F5V11ASM: F5 Networks Configuring BIG-IP ASM v11: Application Security Manager

Start Date      Time         Days  Price      GTR  Availability
May 01, 2017    10:00 (EST)  4     $5,200.00       Register
June 12, 2017   10:00 (EST)  4     $5,200.00       Register


Overview: Learn skills to manage Web-based and XML application attacks and use Application Security Manager to defend against these attacks, including building security policies, utilizing traffic learning, deploying Application Security Manager with various applications, and testing using realistic web site traffic.


Pre-requisite(s): Administering BIG-IP; basic familiarity with HTTP, HTML and XML; basic web application and security concepts.





Lesson 1: Setting up the BIG-IP System

Introducing the BIG-IP System

Initially Setting Up the BIG-IP System

Configuring the Management Interface

Provisioning Modules and Resources

Importing a Device Certificate

Specifying BIG-IP Platform Properties

Configuring the Network

Configuring NTP Servers

Configuring DNS Settings

Configuring High Availability Options

Configuring a Standard Pair

Creating an Archive of the BIG-IP System

Leveraging F5 Support Resources and Tools


Lesson 2: Traffic Processing with BIG-IP

Understanding Traffic Processing with LTM

Understanding Network Packet Flow

Understanding Profiles and ASM

Overview of Local Traffic Policies and ASM


Lesson 3: Web Application Concepts

Anatomy of a web application

An Overview of Common Security Methods

Examining HTTP and Web Application Components

Examining HTTP Headers

Examining HTTP Responses

Examining HTML Components

How ASM Parses File Types, URLs, and Parameters

Using the Fiddler HTTP proxy tool


Lesson 4: Web Application Vulnerabilities

OWASP Top 10 (2013)

Summary of Risk Mitigation using ASM


Lesson 5: Security Policy Deployment

About Positive and Negative Security Models

Deployment Wizard: Policy creation scenarios

Features of the Rapid Deployment template

Deployment Wizard: Local Traffic Deployment

Deployment Wizard: Configuration Settings

Enforcement Settings

Reviewing Requests

Violations and Security Policy Building

Reviewing Violations

Security Policy Blocking Settings

Configuring the Blocking Response Page

Configuring Data Guard


Lesson 6: Attack Signatures

Defining Attack Signatures

Attack Signature Features

Defining Attack Signature Sets

About User-defined Attack Signatures

Updating Attack Signatures

Understanding Attack Signatures and staging


Lesson 7: Positive Security Policy Building

Defining Security Policy Components

Choosing an Explicit Entities Learning Scheme

Understanding Add All Entities

Security through Entity Learning

Reviewing Staging and Enforcement

Understanding Never (Wildcard Only)

Using the Selective mode

Learning Differentiation: Real threats vs. false positives


Lesson 8: Cookies and other Headers

Purpose of ASM Cookies

Understanding Allowed and Enforced Cookies

Configuring security processing on HTTP headers


Lesson 9: Reporting and Logging

Reporting Capabilities in ASM

Generating an ASM Security Events Report

Viewing Logs

Understanding Logging Profiles


Lesson 10: User Roles, policy modification, and other deployments

Understanding User Roles and Partitions

Editing and Exporting Security Policies

Examples of ASM Deployment Types

Overview of ASM Synchronization

Collecting diagnostic data with asmqkview


Lesson 11: Lab Project 1


Lesson 12: Advanced Parameter Handling

Defining Parameters

Defining Static Parameters

Understanding Dynamic Parameters and Extractions

Defining Parameter Levels

Understanding Attack Signatures and Parameters


Lesson 13: Application-Ready Templates

Application-Ready Template Overview


Lesson 14: Real Traffic Policy Builder

Overview of the Real Traffic Policy Builder

Policy Building Steps

Defining Policy Types

Real Traffic Policy Builder Rules


Lesson 15: Web Application Vulnerability Scanners

Integrating ASM with Application Vulnerability Scanners

Resolving Vulnerabilities

Using the generic XML scanner output


Lesson 16: Login Enforcement, Session Tracking, and Flows

Defining Login Pages

Defining Session Awareness and User Tracking

Defining Flows


Lesson 17: Anomaly Detection

Defining Anomaly Detection

Preventing Web Scraping

Preventing Denial of Service Attacks

Configuring Geolocation Enforcement

Configuring IP Address Exceptions


Lesson 18: ASM and iRules

Defining iRules and iRule events

Using ASM iRule Event Modes

iRule syntax

ASM iRule Commands


Lesson 19: AJAX and JSON Support

Defining Asynchronous JavaScript and XML

Defining JavaScript Object Notation

Configuring a JSON profile


Lesson 20: XML and web services

Defining XML

Defining Web Services

Configuring an XML profile

Schema and WSDL Configuration

XML Attack Signatures

Using Web Services Security


Lesson 21: Review and Final Lab Projects

Final Lab Project Option 1: Custom Rule for ASM-enabled local traffic policies

Final Lab Project Option 2: Production Scenario

Final Lab Project Option 3: JSON Parsing

Final Lab Project Option 4: XML & Web Services


Lesson 22: Additional Training and Certifications