F5 BIG-IP APPLICATION SECURITY MANAGER (ASM) V11

4 Days

Description

Course Details

In this course, you will learn how to deploy, tune, and operate BIG-IP Application Security Manager (ASM) to protect your web applications from HTTP-based attacks.

The course includes lecture, hands-on labs, and discussion about different ASM components for detecting and mitigating threats from multiple attack vectors such as web scraping, Layer 7 Denial of Service, brute force, bots, code injection, and zero-day attacks.

No Upcoming Public Classes

There are currently no public events available for this course. However, you can submit a request for a new date and we will try our best to get you into an F5 BIG-IP APPLICATION SECURITY MANAGER (ASM) V11 class.

Private Training Available
If no date is scheduled, you don’t see a date that works for you, or you are looking for a private training event, please call 651-905-3729 or submit a request for further information here.

Course Overview

  • Chapter 1: Setting Up the BIG-IP System
    • Introducing the BIG-IP System
    • Initially Setting Up the BIG-IP System
    • Archiving the BIG-IP System Configuration
    • Leveraging F5 Support Resources and Tools
  • Chapter 2: Traffic Processing with BIG-IP
    • Identifying BIG-IP Traffic Processing Objects
    • Overview of Network Packet Flow
    • Understanding Profiles
    • Overview of Local Traffic Policies and ASM
    • HTTP Request Flow
    • Chapter Resources
  • Chapter 3: Web Application Concepts
    • Overview of Web Application Request Processing
    • Web Applications Are Vulnerable Even with SSL
    • Layer 7 Protection with Web Application Firewalls
    • Overview of Web Communication Elements
    • Parsing URLs
    • Overview of the HTTP Request Structure
    • Method: Perform Actions on a Server
    • HTTP Methods ASM Accepts by Default
    • Comparing POST with GET
    • Risks Within Other Methods
    • Methods Enforcement for URLs
    • HTTP Response Codes
    • Examining HTTP Responses
    • HTTP User Input Forms: Free Text Input
    • User Input Forms: Free Text Input
    • How ASM Parses File Types, URLs, and Parameters
    • Using the Fiddler HTTP Proxy
    • Chapter Resources
  • Chapter 4: Common Web Application Vulnerabilities
    • Common Exploits Against Web Applications
  • Chapter 5: Security Policy Deployment
    • Deployment: Combining Positive and Negative Security
    • The Deployment Workflow
    • Policy Type: How Will the Policy Be Applied
    • Policy Template: Determines the Level of Protection
    • Policy Templates: Automatic or Manual Policy Building
    • Deployment Workflow: Advanced Settings
    • Viewing Requests
    • Security Checks Offered by Rapid Deployment
    • Response Checks Using Data Guard
    • Chapter Resources
  • Chapter 6: Policy Tuning and Violations
    • Post-Deployment Traffic Processing
    • Defining Violations
    • Defining False Positives
    • How Violations are Categorized
    • Violation Rating: A Threat Scale
    • Defining Staging and Enforcement
    • Defining Enforcement Mode
    • Defining the Enforcement Readiness Period
    • Defining Learning
    • Defining Learning Suggestions
    • Choosing Automatic or Manual Learning
    • Defining the Learn, Alarm and Block Settings
    • Interpreting the Enforcement Readiness Summary
    • Configuring the Blocking Response Page
    • Chapter Resources
  • Chapter 7: Attack Signatures
    • Defining Attack Signatures
    • Creating User-Defined Attack Signatures
    • Defining Attack Signature Sets
    • Defining Attack Signature Pools
    • Updating Attack Signatures
    • Understanding Attack Signatures and Staging
    • Chapter Resources
  • Chapter 8: Positive Security Policy Building
    • Defining Security Policy Components
    • Defining the Wildcard
    • The Entity Staging Lifecycle
    • Choosing the Learning Scheme
    • How to Learn: Never (Wildcard Only)
    • How To Learn: Always
    • How to Learn: Selective
    • Reviewing the Enforcement Readiness Period: Entities
    • Violations Without Learning Suggestions
    • Defining the Learning Score
    • Defining Trusted and Untrusted IP Addresses
    • How to Learn: Compact
    • Chapter Resources
  • Chapter 9: Cookies and Other Headers
    • ASM Cookies: What to Enforce
    • Defining Allowed and Enforced Cookies
    • Configuring Security Processing on HTTP headers
    • Chapter Resources
  • Chapter 10: Reporting and Logging
    • Reporting: Build Your Own View 
    • Reporting: Chart Based on Filters 
    • Brute Force and Web Scraping Statistics 
    • Viewing ASM Resource Reports 
    • PCI Compliance: PCI-DSS 3.0 
    • Generating a Security Events Report 
    • Viewing Traffic Learning Graphs 
    • Local Logging Facilities and Destinations 
    • Viewing Logs in the Configuration Utility 
    • Logging Profiles: Build What You Need 
    • Chapter Resources
  • Chapter 11: Lab Project
  • Chapter 12: User Roles and Policy Modification
    • Defining User Roles
    • Defining ASM User Roles
    • Defining Partitions
    • Configuring User Partition Access
    • Comparing Security Policies with Policy Diff
    • Merging Security Policies
    • Editing and Exporting Security Policies
    • Restoring with Policy History
    • Examples of ASM Deployment Types
    • ConfigSync and ASM Security Data
    • ASMQKVIEW: Provide to F5 Support for Troubleshooting 
    • Chapter Resources
  • Chapter 13: Advanced Parameter Handling
    • Defining Parameter Types
    • Defining Static Parameters
    • Defining Dynamic Parameters
    • Defining Dynamic Parameter Extraction Properties
    • Defining Parameter Levels
    • Other Parameter Considerations
    • Chapter Resources
  • Chapter 14: Application-Ready Templates
    • Application Templates: Pre-Configured Baseline Security
    • Chapter Resources
  • Chapter 15: Automatic Policy Building
    • Overview of Automatic Policy Building
    • Defining Templates Which Automate Learning
    • Defining Policy Loosening
    • Defining Policy Tightening
    • Defining Learning Speed: Traffic Sampling
    • Defining Track Site Changes
    • Chapter Resources
  • Chapter 16: Web Application Vulnerability Scanners
    • Integrating Scanner Output Into ASM
    • Will Scan be Used for a New or Existing Policy?
    • Importing Vulnerabilities
    • Resolving Vulnerabilities
    • Using the Generic XML Scanner XSD File
    • Chapter Resources
  • Chapter 17: Login Enforcement & Session Tracking
    • Defining a Login URL
    • Login Enforcement: Time and Logout Conditions
    • Defining Session Tracking
    • Configuring Actions Upon Violation Detection
    • Session Hijacking Mitigation
    • Why Fingerprint a Client
    • Chapter Resources
  • Chapter 18: Brute Force and Web Scraping Mitigation
    • Defining Anomalies
    • Mitigating Brute Force Attacks via Login Page
    • Defining Session-Based Brute Force Protection
    • Defining Dynamic Brute Force Protection
    • Defining the Prevention Policy
    • Defining Web Scraping
    • Defining Geolocation Enforcement
    • Configuring IP Address Exceptions
    • Chapter Resources
  • Chapter 19: Layered Policies
    • Defining a Parent Policy
    • Defining Inheritance
    • Parent Policy Deployment Use Cases
    • Chapter Resources
  • Chapter 20: Layer 7 DoS Mitigation
    • Defining Denial of Service Attacks
    • Defining DoS Profile General Settings
    • Defining Proactive Bot Defense
    • Using Bot Signatures
    • Defining TPS-based DoS Protection
    • Defining Operation Mode
    • Defining Mitigation Methods
    • Defining Behavioral and Stress-Based Detection
    • Defining Behavioral DoS
    • Chapter Resources
  • Chapter 21: ASM and iRules
    • Common Uses for iRules
    • Identifying iRule Components
    • Triggering iRules with Events
    • Defining ASM iRule Events
    • Defining ASM iRule Commands
    • Using ASM iRule Event Modes
    • Chapter Resources
  • Chapter 22: Content Profiles
    • Defining Asynchronous JavaScript and XML
    • Defining JavaScript Object Notation (JSON)
    • Defining Content Profiles
    • The Order of Operations for URL Classification
    • Chapter Resources
  • Chapter 23: Review and Final Labs

Prerequisites

Understanding of:

  • Basic HTTP and HTML concepts
  • Basic security concepts
  • Common network terminology
  • Web application terminology

Proficiency in:

  • Basic PC operation and application skills, including operating a CD drive, keyboard, mouse, and Windows OS
  • Basic web browser operation (Internet Explorer)
