{"course":{"productid":20054,"modality":6,"active":true,"language":"en","title":"Configuring F5 Advanced WAF (previously licensed as ASM)","productcode":"TRG-BIG-AWF-CFG","vendorcode":"F5","vendorname":"F5 Networks","fullproductcode":"F5-TRG-BIG-AWF-CFG","courseware":{"has_ekit":false,"has_printkit":true,"language":"en"},"url":"https:\/\/portal.flane.ch\/course\/f5networks-trg-big-awf-cfg","objective":"<ul>\n<li>Students should be able to:<\/li><li>Describe the role of the BIG-IP system as a full proxy device in an application delivery network<\/li><li>Provision the F5 Advanced Web Application Firewall<\/li><li>Define a web application firewall<\/li><li>Describe how F5 Advanced Web Application Firewall protects a web application by securing file types, URLs, and parameters<\/li><li>Deploy F5 Advanced Web Application Firewall using the Rapid Deployment template (and other templates) and define the security checks included in each<\/li><li>Define learn, alarm, and block settings as they pertain to configuring F5 Advanced Web Application Firewall<\/li><li>Define attack signatures and explain why attack signature staging is important<\/li><li>Deploy Threat Campaigns to secure against CVE threats<\/li><li>Contrast positive and negative security policy implementation and explain benefits of each<\/li><li>Configure security processing at the parameter level of a web application<\/li><li>Deploy F5 Advanced Web Application Firewall using the Automatic Policy Builder<\/li><li>Tune a policy manually or allow automatic policy building<\/li><li>Integrate third party application vulnerability scanner output into a security policy<\/li><li>Configure login enforcement for flow control<\/li><li>Mitigate credential stuffing<\/li><li>Configure protection against brute force attacks<\/li><li>Deploy Advanced Bot Defense against web scrapers, all known bots, and other automated agents<\/li><li>Deploy DataSafe to secure client-side data<\/li><\/ul>","essentials":"<p>Prerequisite &ndash; Students must complete ONE of these: <\/p>\n<ul>\n<li>Attend an <span class=\"cms-link-marked\"><a class=\"fl-href-prod\" href=\"\/swisscom\/en\/course\/f5networks-trg-big-op-admin\"><svg role=\"img\" aria-hidden=\"true\" focusable=\"false\" data-nosnippet class=\"cms-linkmark\"><use xlink:href=\"\/css\/img\/icnset-linkmarks.svg#linkmark\"><\/use><\/svg>Administering BIG-IP <span class=\"fl-prod-pcode\">(TRG-BIG-OP-ADMIN)<\/span><\/a><\/span> class<\/li><li>Achieve F5 Certified BIG-IP Administrator certification<\/li><li>Pass the free Administering BIG-IP Course Equivalency Assessment with a score of 70% or higher<\/li><\/ul><p>The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course: <\/p>\n<ul>\n<li>OSI model encapsulation<\/li><li>Routing and switching<\/li><li>Ethernet and ARP<\/li><li>TCP\/IP concepts<\/li><li>IP addressing and subnetting<\/li><li>NAT and private IP addressing<\/li><li>Default gateway<\/li><li>Network firewalls<\/li><li>LAN vs. WAN<\/li><\/ul>","contents":"<ul>\n<li>Resource provisioning for F5 Advanced Web Application Firewall<\/li><li>Traffic processing with BIG-IP Local Traffic Manager (LTM)<\/li><li>Web application concepts<\/li><li>Mitigating the OWASP Top 10 and other vulnerabilities<\/li><li>Security policy deployment<\/li><li>Security policy tuning<\/li><li>Deploying Attack Signatures and Threat Campaigns<\/li><li>Positive security building<\/li><li>Securing cookies and other headers<\/li><li>Reporting and logging<\/li><li>Advanced parameter handling<\/li><li>Using Automatic Policy Builder<\/li><li>Integrating with web vulnerability scanners<\/li><li>Login enforcement for flow control<\/li><li>Brute force and credential stuffing mitigation<\/li><li>Session tracking for client reconnaissance<\/li><li>Using Parent and Child policies<\/li><li>Layer 7 DoS protection<\/li><li>Transaction Per Second-based DoS protection<\/li><li>Layer 7 Behavioral DoS Protection<\/li><li>Configuring Advanced Bot Defense<\/li><li>Web Scraping and other Microservice Protection<\/li><li>Working with Bot Signatures<\/li><li>Using DataSafe to Secure the client side of the Document Object Model<\/li><li>Certification<\/li><li>303 ASM Specialist<\/li><\/ul>","outline":"<h5>Chapter 1: Setting Up the BIG-IP System<\/h5><ul>\n<li>Introducing the BIG-IP System<\/li><li>Initially Setting Up the BIG-IP System<\/li><li>Archiving the BIG-IP System Configuration<\/li><li>Leveraging F5 Support Resources and Tools<\/li><\/ul><h5>Chapter 2: Traffic Processing with BIG-IP<\/h5><ul>\n<li>Identifying BIG-IP Traffic Processing Objects<\/li><li>Understanding Profiles<\/li><li>Overview of Local Traffic Policies<\/li><li>Visualizing the HTTP Request Flow<\/li><\/ul><h5>Chapter 3: Web Application Concepts<\/h5><ul>\n<li>Overview of Web Application Request Processing<\/li><li>Web Application Firewall: Layer 7 Protection<\/li><li>Layer 7 Security Checks<\/li><li>Overview of Web Communication Elements<\/li><li>Overview of the HTTP Request Structure<\/li><li>Examining HTTP Responses<\/li><li>How F5 Advanced WAF Parses File Types, URLs, and Parameters<\/li><li>Using the Fiddler HTTP Proxy<\/li><\/ul><h5>Chapter 4: Web Application Vulnerabilities<\/h5><ul>\n<li>A Taxonomy of Attacks: The Threat Landscape<\/li><li>Common Exploits Against Web Applications<\/li><\/ul><h5>Chapter 5: Security Policy Deployment<\/h5><ul>\n<li>Defining Learning<\/li><li>Comparing Positive and Negative Security Models<\/li><li>The Deployment Workflow<\/li><li>Assigning Policy to Virtual Server<\/li><li>Deployment Workflow: Using Advanced Settings<\/li><li>Configure Server Technologies<\/li><li>Defining Attack Signatures<\/li><li>Viewing Requests<\/li><li>Security Checks Offered by Rapid Deployment<\/li><li>Defining Attack Signatures<\/li><\/ul><h5>Chapter 6: Policy Tuning and Violations<\/h5><ul>\n<li>Post-Deployment Traffic Processing<\/li><li>How Violations are Categorized<\/li><li>Violation Rating: A Threat Scale<\/li><li>Defining Staging and Enforcement<\/li><li>Defining Enforcement Mode<\/li><li>Defining the Enforcement Readiness Period<\/li><li>Reviewing the Definition of Learning<\/li><li>Defining Learning Suggestions<\/li><li>Choosing Automatic or Manual Learning<\/li><li>Defining the Learn, Alarm and Block Settings<\/li><li>Interpreting the Enforcement Readiness Summary<\/li><li>Configuring the Blocking Response Page<\/li><\/ul><h5>Chapter 7: Attack Signatures and Threat Campaigns<\/h5><ul>\n<li>Defining Attack Signatures<\/li><li>Attack Signature Basics<\/li><li>Creating User-Defined Attack Signatures<\/li><li>Defining Simple and Advanced Edit Modes<\/li><li>Defining Attack Signature Sets<\/li><li>Defining Attack Signature Pools<\/li><li>Understanding Attack Signatures and Staging<\/li><li>Updating Attack Signatures<\/li><li>Defining Threat Campaigns<\/li><li>Deploying Threat Campaigns<\/li><\/ul><h5>Chapter 8: Positive Security Policy Building<\/h5><ul>\n<li>Defining and Learning Security Policy Components<\/li><li>Defining the Wildcard<\/li><li>Defining the Entity Lifecycle<\/li><li>Choosing the Learning Scheme<\/li><li>How to Learn: Never (Wildcard Only)<\/li><li>How to Learn: Always<\/li><li>How to Learn: Selective<\/li><li>Reviewing the Enforcement Readiness Period: Entities<\/li><li>Viewing Learning Suggestions and Staging Status<\/li><li>Defining the Learning Score<\/li><li>Defining Trusted and Untrusted IP Addresses<\/li><li>How to Learn: Compact<\/li><\/ul><h5>Chapter 9: Securing Cookies and Other Headers<\/h5><ul>\n<li>The Purpose of F5 Advanced WAF Cookies<\/li><li>Defining Allowed and Enforced Cookies<\/li><li>Securing HTTP headers<\/li><\/ul><h5>Chapter 10: Visual Reporting and Logging<\/h5><ul>\n<li>Viewing Application Security Summary Data<\/li><li>Reporting: Build Your Own View<\/li><li>Reporting: Chart based on filters<\/li><li>Brute Force and Web Scraping Statistics<\/li><li>Viewing Resource Reports<\/li><li>PCI Compliance: PCI-DSS 3.0<\/li><li>Analyzing Requests<\/li><li>Local Logging Facilities and Destinations<\/li><li>Viewing Logs in the Configuration Utility<\/li><li>Defining the Logging Profile<\/li><li>Configuring Response Logging<\/li><\/ul><h5>Chapter 11: Lab Project 1<\/h5><h5>Chapter 12: Advanced Parameter Handling<\/h5><ul>\n<li>Defining Parameter Types<\/li><li>Defining Static Parameters<\/li><li>Defining Dynamic Parameters<\/li><li>Defining Parameter Levels<\/li><li>Other Parameter Considerations<\/li><\/ul><h5>Chapter 13: Automatic Policy Building<\/h5><ul>\n<li>Overview of Automatic Policy Building<\/li><li>Defining Templates Which Automate Learning<\/li><li>Defining Policy Loosening<\/li><li>Defining Policy Tightening<\/li><li>Defining Learning Speed: Traffic Sampling<\/li><li>Defining Track Site Changes<\/li><\/ul><h5>Chapter 14: Web Application Vulnerability Scanner Integration<\/h5><ul>\n<li>Integrating Scanner Output<\/li><li>Importing Vulnerabilities<\/li><li>Resolving Vulnerabilities<\/li><li>Using the Generic XML Scanner XSD file<\/li><\/ul><h5>Chapter 15: Deploying Layered Policies<\/h5><ul>\n<li>Defining a Parent Policy<\/li><li>Defining Inheritance<\/li><li>Parent Policy Deployment Use Cases<\/li><\/ul><h5>Chapter 16: Login Enforcement and Brute Force Mitigation<\/h5><ul>\n<li>Defining Login Pages for Flow Control<\/li><li>Configuring Automatic Detection of Login Pages<\/li><li>Defining Brute Force Attacks<\/li><li>Brute Force Protection Configuration<\/li><li>Source-Based Brute Force Mitigations<\/li><li>Defining Credential Stuffing<\/li><li>Mitigating Credential Stuffing<\/li><\/ul><h5>Chapter 17: Reconnaissance with Session Tracking<\/h5><ul>\n<li>Defining Session Tracking<\/li><li>Configuring Actions Upon Violation Detection<\/li><\/ul><h5>Chapter 18: Layer 7 DoS Mitigation<\/h5><ul>\n<li>Defining Denial of Service Attacks<\/li><li>Defining the DoS Protection Profile<\/li><li>Overview of TPS-based DoS Protection<\/li><li>Creating a DoS Logging Profile<\/li><li>Applying TPS Mitigations<\/li><li>Defining Behavioral and Stress-Based Detection<\/li><\/ul><h5>Chapter 19: Advanced Bot Defense<\/h5><ul>\n<li>Classifying Clients with the Bot Defense Profile<\/li><li>Defining Bot Signatures<\/li><li>Defining F5 Fingerprinting<\/li><li>Defining Bot Defense Profile Templates<\/li><li>Defining Microservices protection<\/li><\/ul><h5>Chapter 20: Form Encryption using DataSafe<\/h5><ul>\n<li>Targeting Elements of Application Delivery<\/li><li>Exploiting the Document Object Model<\/li><li>Protecting Applications Using DataSafe<\/li><li>The Order of Operations for URL Classification<\/li><\/ul><h5>Chapter 21: Review and Final Labs<\/h5><ul>\n<li>Final Lab Project (Option 1) &ndash; Production Scenario<\/li><li>Final Lab Project (Option 2) &ndash; Managing Traffic with Layer 7 Local Traffic Policies<\/li><\/ul>","summary":"<p>In this 4 day course, students are provided with a functional understanding of how to deploy, tune, and operate F5 Advanced Web Application Firewall to protect their web applications from HTTP-based attacks.<\/p>\n<p>The course includes lecture, hands-on labs, and discussion about different F5 Advanced Web Application Firewall tools for detecting and mitigating threats from multiple attack vectors such web scraping, Layer 7 Denial of Service, brute force, bots, code injection, and zero day exploits.<\/p>","objective_plain":"- Students should be able to:\n- Describe the role of the BIG-IP system as a full proxy device in an application delivery network\n- Provision the F5 Advanced Web Application Firewall\n- Define a web application firewall\n- Describe how F5 Advanced Web Application Firewall protects a web application by securing file types, URLs, and parameters\n- Deploy F5 Advanced Web Application Firewall using the Rapid Deployment template (and other templates) and define the security checks included in each\n- Define learn, alarm, and block settings as they pertain to configuring F5 Advanced Web Application Firewall\n- Define attack signatures and explain why attack signature staging is important\n- Deploy Threat Campaigns to secure against CVE threats\n- Contrast positive and negative security policy implementation and explain benefits of each\n- Configure security processing at the parameter level of a web application\n- Deploy F5 Advanced Web Application Firewall using the Automatic Policy Builder\n- Tune a policy manually or allow automatic policy building\n- Integrate third party application vulnerability scanner output into a security policy\n- Configure login enforcement for flow control\n- Mitigate credential stuffing\n- Configure protection against brute force attacks\n- Deploy Advanced Bot Defense against web scrapers, all known bots, and other automated agents\n- Deploy DataSafe to secure client-side data","essentials_plain":"Prerequisite \u2013 Students must complete ONE of these: \n\n\n- Attend an Administering BIG-IP (TRG-BIG-OP-ADMIN) class\n- Achieve F5 Certified BIG-IP Administrator certification\n- Pass the free Administering BIG-IP Course Equivalency Assessment with a score of 70% or higher\nThe following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course: \n\n\n- OSI model encapsulation\n- Routing and switching\n- Ethernet and ARP\n- TCP\/IP concepts\n- IP addressing and subnetting\n- NAT and private IP addressing\n- Default gateway\n- Network firewalls\n- LAN vs. WAN","contents_plain":"- Resource provisioning for F5 Advanced Web Application Firewall\n- Traffic processing with BIG-IP Local Traffic Manager (LTM)\n- Web application concepts\n- Mitigating the OWASP Top 10 and other vulnerabilities\n- Security policy deployment\n- Security policy tuning\n- Deploying Attack Signatures and Threat Campaigns\n- Positive security building\n- Securing cookies and other headers\n- Reporting and logging\n- Advanced parameter handling\n- Using Automatic Policy Builder\n- Integrating with web vulnerability scanners\n- Login enforcement for flow control\n- Brute force and credential stuffing mitigation\n- Session tracking for client reconnaissance\n- Using Parent and Child policies\n- Layer 7 DoS protection\n- Transaction Per Second-based DoS protection\n- Layer 7 Behavioral DoS Protection\n- Configuring Advanced Bot Defense\n- Web Scraping and other Microservice Protection\n- Working with Bot Signatures\n- Using DataSafe to Secure the client side of the Document Object Model\n- Certification\n- 303 ASM Specialist","outline_plain":"Chapter 1: Setting Up the BIG-IP System\n\n\n- Introducing the BIG-IP System\n- Initially Setting Up the BIG-IP System\n- Archiving the BIG-IP System Configuration\n- Leveraging F5 Support Resources and Tools\nChapter 2: Traffic Processing with BIG-IP\n\n\n- Identifying BIG-IP Traffic Processing Objects\n- Understanding Profiles\n- Overview of Local Traffic Policies\n- Visualizing the HTTP Request Flow\nChapter 3: Web Application Concepts\n\n\n- Overview of Web Application Request Processing\n- Web Application Firewall: Layer 7 Protection\n- Layer 7 Security Checks\n- Overview of Web Communication Elements\n- Overview of the HTTP Request Structure\n- Examining HTTP Responses\n- How F5 Advanced WAF Parses File Types, URLs, and Parameters\n- Using the Fiddler HTTP Proxy\nChapter 4: Web Application Vulnerabilities\n\n\n- A Taxonomy of Attacks: The Threat Landscape\n- Common Exploits Against Web Applications\nChapter 5: Security Policy Deployment\n\n\n- Defining Learning\n- Comparing Positive and Negative Security Models\n- The Deployment Workflow\n- Assigning Policy to Virtual Server\n- Deployment Workflow: Using Advanced Settings\n- Configure Server Technologies\n- Defining Attack Signatures\n- Viewing Requests\n- Security Checks Offered by Rapid Deployment\n- Defining Attack Signatures\nChapter 6: Policy Tuning and Violations\n\n\n- Post-Deployment Traffic Processing\n- How Violations are Categorized\n- Violation Rating: A Threat Scale\n- Defining Staging and Enforcement\n- Defining Enforcement Mode\n- Defining the Enforcement Readiness Period\n- Reviewing the Definition of Learning\n- Defining Learning Suggestions\n- Choosing Automatic or Manual Learning\n- Defining the Learn, Alarm and Block Settings\n- Interpreting the Enforcement Readiness Summary\n- Configuring the Blocking Response Page\nChapter 7: Attack Signatures and Threat Campaigns\n\n\n- Defining Attack Signatures\n- Attack Signature Basics\n- Creating User-Defined Attack Signatures\n- Defining Simple and Advanced Edit Modes\n- Defining Attack Signature Sets\n- Defining Attack Signature Pools\n- Understanding Attack Signatures and Staging\n- Updating Attack Signatures\n- Defining Threat Campaigns\n- Deploying Threat Campaigns\nChapter 8: Positive Security Policy Building\n\n\n- Defining and Learning Security Policy Components\n- Defining the Wildcard\n- Defining the Entity Lifecycle\n- Choosing the Learning Scheme\n- How to Learn: Never (Wildcard Only)\n- How to Learn: Always\n- How to Learn: Selective\n- Reviewing the Enforcement Readiness Period: Entities\n- Viewing Learning Suggestions and Staging Status\n- Defining the Learning Score\n- Defining Trusted and Untrusted IP Addresses\n- How to Learn: Compact\nChapter 9: Securing Cookies and Other Headers\n\n\n- The Purpose of F5 Advanced WAF Cookies\n- Defining Allowed and Enforced Cookies\n- Securing HTTP headers\nChapter 10: Visual Reporting and Logging\n\n\n- Viewing Application Security Summary Data\n- Reporting: Build Your Own View\n- Reporting: Chart based on filters\n- Brute Force and Web Scraping Statistics\n- Viewing Resource Reports\n- PCI Compliance: PCI-DSS 3.0\n- Analyzing Requests\n- Local Logging Facilities and Destinations\n- Viewing Logs in the Configuration Utility\n- Defining the Logging Profile\n- Configuring Response Logging\nChapter 11: Lab Project 1\n\nChapter 12: Advanced Parameter Handling\n\n\n- Defining Parameter Types\n- Defining Static Parameters\n- Defining Dynamic Parameters\n- Defining Parameter Levels\n- Other Parameter Considerations\nChapter 13: Automatic Policy Building\n\n\n- Overview of Automatic Policy Building\n- Defining Templates Which Automate Learning\n- Defining Policy Loosening\n- Defining Policy Tightening\n- Defining Learning Speed: Traffic Sampling\n- Defining Track Site Changes\nChapter 14: Web Application Vulnerability Scanner Integration\n\n\n- Integrating Scanner Output\n- Importing Vulnerabilities\n- Resolving Vulnerabilities\n- Using the Generic XML Scanner XSD file\nChapter 15: Deploying Layered Policies\n\n\n- Defining a Parent Policy\n- Defining Inheritance\n- Parent Policy Deployment Use Cases\nChapter 16: Login Enforcement and Brute Force Mitigation\n\n\n- Defining Login Pages for Flow Control\n- Configuring Automatic Detection of Login Pages\n- Defining Brute Force Attacks\n- Brute Force Protection Configuration\n- Source-Based Brute Force Mitigations\n- Defining Credential Stuffing\n- Mitigating Credential Stuffing\nChapter 17: Reconnaissance with Session Tracking\n\n\n- Defining Session Tracking\n- Configuring Actions Upon Violation Detection\nChapter 18: Layer 7 DoS Mitigation\n\n\n- Defining Denial of Service Attacks\n- Defining the DoS Protection Profile\n- Overview of TPS-based DoS Protection\n- Creating a DoS Logging Profile\n- Applying TPS Mitigations\n- Defining Behavioral and Stress-Based Detection\nChapter 19: Advanced Bot Defense\n\n\n- Classifying Clients with the Bot Defense Profile\n- Defining Bot Signatures\n- Defining F5 Fingerprinting\n- Defining Bot Defense Profile Templates\n- Defining Microservices protection\nChapter 20: Form Encryption using DataSafe\n\n\n- Targeting Elements of Application Delivery\n- Exploiting the Document Object Model\n- Protecting Applications Using DataSafe\n- The Order of Operations for URL Classification\nChapter 21: Review and Final Labs\n\n\n- Final Lab Project (Option 1) \u2013 Production Scenario\n- Final Lab Project (Option 2) \u2013 Managing Traffic with Layer 7 Local Traffic Policies","summary_plain":"In this 4 day course, students are provided with a functional understanding of how to deploy, tune, and operate F5 Advanced Web Application Firewall to protect their web applications from HTTP-based attacks.\n\nThe course includes lecture, hands-on labs, and discussion about different F5 Advanced Web Application Firewall tools for detecting and mitigating threats from multiple attack vectors such web scraping, Layer 7 Denial of Service, brute force, bots, code injection, and zero day exploits.","skill_level":"Expert","version":"15.1","duration":{"unit":"d","value":4,"formatted":"4 days"},"pricelist":{"List Price":{"NL":{"country":"NL","currency":"EUR","taxrate":21,"price":3800},"BE":{"country":"BE","currency":"EUR","taxrate":21,"price":3800},"IT":{"country":"IT","currency":"EUR","taxrate":20,"price":3800},"GB":{"country":"GB","currency":"GBP","taxrate":20,"price":3280},"FR":{"country":"FR","currency":"EUR","taxrate":19.6,"price":3800},"DE":{"country":"DE","currency":"USD","taxrate":19,"price":5280},"CH":{"country":"CH","currency":"USD","taxrate":8.1,"price":5280},"AT":{"country":"AT","currency":"USD","taxrate":20,"price":5280}}},"lastchanged":"2026-03-13T14:51:23+01:00","parenturl":"https:\/\/portal.flane.ch\/swisscom\/en\/json-courses","nexturl_course_schedule":"https:\/\/portal.flane.ch\/swisscom\/en\/json-course-schedule\/20054","source_lang":"en","source":"https:\/\/portal.flane.ch\/swisscom\/en\/json-course\/f5networks-trg-big-awf-cfg"}}