F5V12ASM: F5 Networks Configuring BIG-IP ASM v12: Application Security Manager

Start Date Time Days Price GTR Availability
August 21, 2017 10:00 (EST) 4 $5,200.00 Register
October 02, 2017 10:00 (EST) 4 $5,200.00 Register
November 06, 2017 10:00 (EST) 4 $5,200.00 Register
December 11, 2017 10:00 (EST) 4 $5,200.00 Register

 

Overview: Learn skills to manage Web-based and XML application attacks and use Application Security Manager to defend against these attacks, including building security policies, utilizing traffic learning, deploying Application Security Manager with various applications, and testing using realistic web site traffic.

 

Pre-requisite(s): Administering BIG-IP; basic familiarity with HTTP, HTML and XML; basic web application and security concepts.

 

 

Outline:

 

Lesson 1: Setting Up the BIG-IP System

Introducing the BIG-IP System

Initially Setting Up the BIG-IP System

Archiving the BIG-IP System Configuration

Leveraging F5 Support Resources and Tools

Chapter Resources

BIG-IP System Setup Labs

 

Lesson 2: Traffic Processing with BIG-IP

Identifying BIG-IP Traffic Processing Objects

Understanding Network Packet Flow

Understanding Profiles

Overview of Local Traffic Policies and ASM

 

Lesson 3: Web Application Concepts

Anatomy of a Web Application

An Overview of Common Security Methods

Examining HTTP and Web Application Components

Examining HTTP Headers

Examining HTTP Responses

Examining HTML Components

How ASM Parses File Types, URLs, and Parameters

Using the Fiddler HTTP Proxy Tool

 

Lesson 4: Web Application Vulnerabilities

OWASP Top 10 Vulnerabilities

 

Lesson 5: Security Policy Deployment

Comparing Positive and Negative Security

Using the Deployment Wizard

Deployment Wizard: Local Traffic Deployment

Deployment Wizard: Workflow

Reviewing Requests

Security Checks offered by Rapid Deployment

Configuring Data Guard

 

Lesson 6: Policy Tuning and Violations

Post-Configuration Traffic Processing

Defining False Positives

How Violations are Categorized

Violation Ratings

Enforcement Settings and Staging: Policy Control

Defining Signature Staging

Defining Enforcement Readiness Period

Defining Learning

Violations and Learning Suggestions

Learning Mode: Automatic or Manual

Defining Learn, Alarm and Block settings

Interpreting Enforcement Readiness Summary

Configuring the Blocking Response Page

 

Lesson 7: Attack Signatures

Defining Attack Signatures

Creating User-Defined Attack Signatures

Attack Signature Normalization

Attack Signature Structure

Defining Attack Signature Sets

Defining Attack Signature Pools

Updating Attack Signatures

Understanding Attack Signatures and Staging

 

Lesson 8: Positive Security Policy Building

Defining Security Policy Components

Choosing an Explicit Entities Learning Scheme

How to learn: Add All Entities

Staging and Entities: The Entity Lifecycle

How to Learn: Never (Wildcard Only)

How to Learn: Selective

Learning Differentiation: Real Threats vs. False positives

 

Lesson 9: Cookies and Other Headers

ASM Cookies: What to Enforce

Understanding Allowed and Enforced Cookies

Configuring Security Processing on HTTP Headers

 

Lesson 10: Reporting and Logging

Reporting Capabilities in ASM

Viewing DoS Reports

Generating an ASM Security Events Report

Viewing Log files and Local Facilities

Understanding Logging Profiles

 

Lesson 11: User Roles and Policy Modification

Understanding User Roles and Partitions

Comparing Policies

Editing and Exporting Security Policies

Examples of ASM Deployment Types

Overview of ASM Synchronization

Collecting Diagnostic Data with asmqkview

 

Lesson 12: Lab Project

Lab Project 1

 

Lesson 13: Advanced Parameter Handling

Defining Parameters

Defining Static Parameters

Understanding Dynamic Parameters and Extractions

Defining Parameter Levels

Understanding Attack Signatures and Parameters

 

Lesson 14: Application-Ready Templates

Application Template Overview

 

Lesson 15: Automatic Policy Building

Overview of Automatic Policy Building

Choosing a Policy Type

Defining Policy Building Process Rules

Defining the Learning Score

 

Lesson 16: Web Application Vulnerability Scanners

Integrating ASM with Vulnerability Scanners

Importing Vulnerabilities

Resolving Vulnerabilities

Using the Generic XML Scanner Output

 

Lesson 17: Login Enforcement & Session Tracking

Defining a Login URL

Defining Session Awareness and User Tracking

 

Lesson 18: Brute force and Web Scraping Mitigation

Defining Anomalies

Mitigating Brute Force Attacks

Defining Session-Based Brute Force Protection

Defining Dynamic Brute Force Protection

Defining the Prevention Policy

Mitigating Web Scraping

Defining Geolocation Enforcement

Configuring IP Address Exceptions

 

Lesson 19: Layer 7 DoS Mitigation

Defining Denial of Service Attacks

Defining General Settings L7 DoS Profile

Defining TPS-Based DoS Protection

Defining Operation Mode

Defining Mitigation Methods

Defining Stress-Based Detection

Defining Proactive Bot Defense

Using Bot Signatures

 

Lesson 20: ASM and iRules

Defining Application Security iRule Events

Using ASM iRule Event Modes

iRule Syntax

ASM iRule Commands

 

Lesson 21: XML and Web Services

Defining XML

Defining Web Services

Configuring an XML Profile

Schema and WSDL Configuration

XML Attack Signatures

Using Web Services Security

 

Lesson 22: Web 2.0 Support: JSON Profiles

Defining Asynchronous JavaScript and XML

Defining JavaScript Object Notation

Configuring a JSON Profile

 

Lesson 23: Review and Final Labs