Configuring F5 Advanced WAF (previously licensed as ASM)

Configuring F5 Advanced WAF (previously licensed as ASM)TRG-BIG-AWF-CFGF5F5 NetworksF5-TRG-BIG-AWF-CFG15.1<ul> <li>Students should be able to:</li><li>Describe the role of the BIG-IP system as a full proxy device in an application delivery network</li><li>Provision the F5 Advanced Web Application Firewall</li><li>Define a web application firewall</li><li>Describe how F5 Advanced Web Application Firewall protects a web application by securing file types, URLs, and parameters</li><li>Deploy F5 Advanced Web Application Firewall using the Rapid Deployment template (and other templates) and define the security checks included in each</li><li>Define learn, alarm, and block settings as they pertain to configuring F5 Advanced Web Application Firewall</li><li>Define attack signatures and explain why attack signature staging is important</li><li>Deploy Threat Campaigns to secure against CVE threats</li><li>Contrast positive and negative security policy implementation and explain benefits of each</li><li>Configure security processing at the parameter level of a web application</li><li>Deploy F5 Advanced Web Application Firewall using the Automatic Policy Builder</li><li>Tune a policy manually or allow automatic policy building</li><li>Integrate third party application vulnerability scanner output into a security policy</li><li>Configure login enforcement for flow control</li><li>Mitigate credential stuffing</li><li>Configure protection against brute force attacks</li><li>Deploy Advanced Bot Defense against web scrapers, all known bots, and other automated agents</li><li>Deploy DataSafe to secure client-side data</li></ul><p>Prerequisite – Students must complete ONE of these: </p> <ul> <li>Attend an <span class="cms-link-marked"><a class="fl-href-prod" href="/swisscom/en/course/f5networks-trg-big-op-admin"><svg role="img" aria-hidden="true" focusable="false" data-nosnippet class="cms-linkmark"><use xlink:href="/css/img/icnset-linkmarks.svg#linkmark"></use></svg>Administering BIG-IP <span class="fl-prod-pcode">(TRG-BIG-OP-ADMIN)</span></a></span> class</li><li>Achieve F5 Certified BIG-IP Administrator certification</li><li>Pass the free Administering BIG-IP Course Equivalency Assessment with a score of 70% or higher</li></ul><p>The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course: </p> <ul> <li>OSI model encapsulation</li><li>Routing and switching</li><li>Ethernet and ARP</li><li>TCP/IP concepts</li><li>IP addressing and subnetting</li><li>NAT and private IP addressing</li><li>Default gateway</li><li>Network firewalls</li><li>LAN vs. WAN</li></ul><ul> <li>Resource provisioning for F5 Advanced Web Application Firewall</li><li>Traffic processing with BIG-IP Local Traffic Manager (LTM)</li><li>Web application concepts</li><li>Mitigating the OWASP Top 10 and other vulnerabilities</li><li>Security policy deployment</li><li>Security policy tuning</li><li>Deploying Attack Signatures and Threat Campaigns</li><li>Positive security building</li><li>Securing cookies and other headers</li><li>Reporting and logging</li><li>Advanced parameter handling</li><li>Using Automatic Policy Builder</li><li>Integrating with web vulnerability scanners</li><li>Login enforcement for flow control</li><li>Brute force and credential stuffing mitigation</li><li>Session tracking for client reconnaissance</li><li>Using Parent and Child policies</li><li>Layer 7 DoS protection</li><li>Transaction Per Second-based DoS protection</li><li>Layer 7 Behavioral DoS Protection</li><li>Configuring Advanced Bot Defense</li><li>Web Scraping and other Microservice Protection</li><li>Working with Bot Signatures</li><li>Using DataSafe to Secure the client side of the Document Object Model</li><li>Certification</li><li>303 ASM Specialist</li></ul><h5>Chapter 1: Setting Up the BIG-IP System</h5><ul> <li>Introducing the BIG-IP System</li><li>Initially Setting Up the BIG-IP System</li><li>Archiving the BIG-IP System Configuration</li><li>Leveraging F5 Support Resources and Tools</li></ul><h5>Chapter 2: Traffic Processing with BIG-IP</h5><ul> <li>Identifying BIG-IP Traffic Processing Objects</li><li>Understanding Profiles</li><li>Overview of Local Traffic Policies</li><li>Visualizing the HTTP Request Flow</li></ul><h5>Chapter 3: Web Application Concepts</h5><ul> <li>Overview of Web Application Request Processing</li><li>Web Application Firewall: Layer 7 Protection</li><li>Layer 7 Security Checks</li><li>Overview of Web Communication Elements</li><li>Overview of the HTTP Request Structure</li><li>Examining HTTP Responses</li><li>How F5 Advanced WAF Parses File Types, URLs, and Parameters</li><li>Using the Fiddler HTTP Proxy</li></ul><h5>Chapter 4: Web Application Vulnerabilities</h5><ul> <li>A Taxonomy of Attacks: The Threat Landscape</li><li>Common Exploits Against Web Applications</li></ul><h5>Chapter 5: Security Policy Deployment</h5><ul> <li>Defining Learning</li><li>Comparing Positive and Negative Security Models</li><li>The Deployment Workflow</li><li>Assigning Policy to Virtual Server</li><li>Deployment Workflow: Using Advanced Settings</li><li>Configure Server Technologies</li><li>Defining Attack Signatures</li><li>Viewing Requests</li><li>Security Checks Offered by Rapid Deployment</li><li>Defining Attack Signatures</li></ul><h5>Chapter 6: Policy Tuning and Violations</h5><ul> <li>Post-Deployment Traffic Processing</li><li>How Violations are Categorized</li><li>Violation Rating: A Threat Scale</li><li>Defining Staging and Enforcement</li><li>Defining Enforcement Mode</li><li>Defining the Enforcement Readiness Period</li><li>Reviewing the Definition of Learning</li><li>Defining Learning Suggestions</li><li>Choosing Automatic or Manual Learning</li><li>Defining the Learn, Alarm and Block Settings</li><li>Interpreting the Enforcement Readiness Summary</li><li>Configuring the Blocking Response Page</li></ul><h5>Chapter 7: Attack Signatures and Threat Campaigns</h5><ul> <li>Defining Attack Signatures</li><li>Attack Signature Basics</li><li>Creating User-Defined Attack Signatures</li><li>Defining Simple and Advanced Edit Modes</li><li>Defining Attack Signature Sets</li><li>Defining Attack Signature Pools</li><li>Understanding Attack Signatures and Staging</li><li>Updating Attack Signatures</li><li>Defining Threat Campaigns</li><li>Deploying Threat Campaigns</li></ul><h5>Chapter 8: Positive Security Policy Building</h5><ul> <li>Defining and Learning Security Policy Components</li><li>Defining the Wildcard</li><li>Defining the Entity Lifecycle</li><li>Choosing the Learning Scheme</li><li>How to Learn: Never (Wildcard Only)</li><li>How to Learn: Always</li><li>How to Learn: Selective</li><li>Reviewing the Enforcement Readiness Period: Entities</li><li>Viewing Learning Suggestions and Staging Status</li><li>Defining the Learning Score</li><li>Defining Trusted and Untrusted IP Addresses</li><li>How to Learn: Compact</li></ul><h5>Chapter 9: Securing Cookies and Other Headers</h5><ul> <li>The Purpose of F5 Advanced WAF Cookies</li><li>Defining Allowed and Enforced Cookies</li><li>Securing HTTP headers</li></ul><h5>Chapter 10: Visual Reporting and Logging</h5><ul> <li>Viewing Application Security Summary Data</li><li>Reporting: Build Your Own View</li><li>Reporting: Chart based on filters</li><li>Brute Force and Web Scraping Statistics</li><li>Viewing Resource Reports</li><li>PCI Compliance: PCI-DSS 3.0</li><li>Analyzing Requests</li><li>Local Logging Facilities and Destinations</li><li>Viewing Logs in the Configuration Utility</li><li>Defining the Logging Profile</li><li>Configuring Response Logging</li></ul><h5>Chapter 11: Lab Project 1</h5><h5>Chapter 12: Advanced Parameter Handling</h5><ul> <li>Defining Parameter Types</li><li>Defining Static Parameters</li><li>Defining Dynamic Parameters</li><li>Defining Parameter Levels</li><li>Other Parameter Considerations</li></ul><h5>Chapter 13: Automatic Policy Building</h5><ul> <li>Overview of Automatic Policy Building</li><li>Defining Templates Which Automate Learning</li><li>Defining Policy Loosening</li><li>Defining Policy Tightening</li><li>Defining Learning Speed: Traffic Sampling</li><li>Defining Track Site Changes</li></ul><h5>Chapter 14: Web Application Vulnerability Scanner Integration</h5><ul> <li>Integrating Scanner Output</li><li>Importing Vulnerabilities</li><li>Resolving Vulnerabilities</li><li>Using the Generic XML Scanner XSD file</li></ul><h5>Chapter 15: Deploying Layered Policies</h5><ul> <li>Defining a Parent Policy</li><li>Defining Inheritance</li><li>Parent Policy Deployment Use Cases</li></ul><h5>Chapter 16: Login Enforcement and Brute Force Mitigation</h5><ul> <li>Defining Login Pages for Flow Control</li><li>Configuring Automatic Detection of Login Pages</li><li>Defining Brute Force Attacks</li><li>Brute Force Protection Configuration</li><li>Source-Based Brute Force Mitigations</li><li>Defining Credential Stuffing</li><li>Mitigating Credential Stuffing</li></ul><h5>Chapter 17: Reconnaissance with Session Tracking</h5><ul> <li>Defining Session Tracking</li><li>Configuring Actions Upon Violation Detection</li></ul><h5>Chapter 18: Layer 7 DoS Mitigation</h5><ul> <li>Defining Denial of Service Attacks</li><li>Defining the DoS Protection Profile</li><li>Overview of TPS-based DoS Protection</li><li>Creating a DoS Logging Profile</li><li>Applying TPS Mitigations</li><li>Defining Behavioral and Stress-Based Detection</li></ul><h5>Chapter 19: Advanced Bot Defense</h5><ul> <li>Classifying Clients with the Bot Defense Profile</li><li>Defining Bot Signatures</li><li>Defining F5 Fingerprinting</li><li>Defining Bot Defense Profile Templates</li><li>Defining Microservices protection</li></ul><h5>Chapter 20: Form Encryption using DataSafe</h5><ul> <li>Targeting Elements of Application Delivery</li><li>Exploiting the Document Object Model</li><li>Protecting Applications Using DataSafe</li><li>The Order of Operations for URL Classification</li></ul><h5>Chapter 21: Review and Final Labs</h5><ul> <li>Final Lab Project (Option 1) – Production Scenario</li><li>Final Lab Project (Option 2) – Managing Traffic with Layer 7 Local Traffic Policies</li></ul>- Students should be able to: - Describe the role of the BIG-IP system as a full proxy device in an application delivery network - Provision the F5 Advanced Web Application Firewall - Define a web application firewall - Describe how F5 Advanced Web Application Firewall protects a web application by securing file types, URLs, and parameters - Deploy F5 Advanced Web Application Firewall using the Rapid Deployment template (and other templates) and define the security checks included in each - Define learn, alarm, and block settings as they pertain to configuring F5 Advanced Web Application Firewall - Define attack signatures and explain why attack signature staging is important - Deploy Threat Campaigns to secure against CVE threats - Contrast positive and negative security policy implementation and explain benefits of each - Configure security processing at the parameter level of a web application - Deploy F5 Advanced Web Application Firewall using the Automatic Policy Builder - Tune a policy manually or allow automatic policy building - Integrate third party application vulnerability scanner output into a security policy - Configure login enforcement for flow control - Mitigate credential stuffing - Configure protection against brute force attacks - Deploy Advanced Bot Defense against web scrapers, all known bots, and other automated agents - Deploy DataSafe to secure client-side dataPrerequisite – Students must complete ONE of these: - Attend an Administering BIG-IP (TRG-BIG-OP-ADMIN) class - Achieve F5 Certified BIG-IP Administrator certification - Pass the free Administering BIG-IP Course Equivalency Assessment with a score of 70% or higher The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course: - OSI model encapsulation - Routing and switching - Ethernet and ARP - TCP/IP concepts - IP addressing and subnetting - NAT and private IP addressing - Default gateway - Network firewalls - LAN vs. WAN- Resource provisioning for F5 Advanced Web Application Firewall - Traffic processing with BIG-IP Local Traffic Manager (LTM) - Web application concepts - Mitigating the OWASP Top 10 and other vulnerabilities - Security policy deployment - Security policy tuning - Deploying Attack Signatures and Threat Campaigns - Positive security building - Securing cookies and other headers - Reporting and logging - Advanced parameter handling - Using Automatic Policy Builder - Integrating with web vulnerability scanners - Login enforcement for flow control - Brute force and credential stuffing mitigation - Session tracking for client reconnaissance - Using Parent and Child policies - Layer 7 DoS protection - Transaction Per Second-based DoS protection - Layer 7 Behavioral DoS Protection - Configuring Advanced Bot Defense - Web Scraping and other Microservice Protection - Working with Bot Signatures - Using DataSafe to Secure the client side of the Document Object Model - Certification - 303 ASM SpecialistChapter 1: Setting Up the BIG-IP System - Introducing the BIG-IP System - Initially Setting Up the BIG-IP System - Archiving the BIG-IP System Configuration - Leveraging F5 Support Resources and Tools Chapter 2: Traffic Processing with BIG-IP - Identifying BIG-IP Traffic Processing Objects - Understanding Profiles - Overview of Local Traffic Policies - Visualizing the HTTP Request Flow Chapter 3: Web Application Concepts - Overview of Web Application Request Processing - Web Application Firewall: Layer 7 Protection - Layer 7 Security Checks - Overview of Web Communication Elements - Overview of the HTTP Request Structure - Examining HTTP Responses - How F5 Advanced WAF Parses File Types, URLs, and Parameters - Using the Fiddler HTTP Proxy Chapter 4: Web Application Vulnerabilities - A Taxonomy of Attacks: The Threat Landscape - Common Exploits Against Web Applications Chapter 5: Security Policy Deployment - Defining Learning - Comparing Positive and Negative Security Models - The Deployment Workflow - Assigning Policy to Virtual Server - Deployment Workflow: Using Advanced Settings - Configure Server Technologies - Defining Attack Signatures - Viewing Requests - Security Checks Offered by Rapid Deployment - Defining Attack Signatures Chapter 6: Policy Tuning and Violations - Post-Deployment Traffic Processing - How Violations are Categorized - Violation Rating: A Threat Scale - Defining Staging and Enforcement - Defining Enforcement Mode - Defining the Enforcement Readiness Period - Reviewing the Definition of Learning - Defining Learning Suggestions - Choosing Automatic or Manual Learning - Defining the Learn, Alarm and Block Settings - Interpreting the Enforcement Readiness Summary - Configuring the Blocking Response Page Chapter 7: Attack Signatures and Threat Campaigns - Defining Attack Signatures - Attack Signature Basics - Creating User-Defined Attack Signatures - Defining Simple and Advanced Edit Modes - Defining Attack Signature Sets - Defining Attack Signature Pools - Understanding Attack Signatures and Staging - Updating Attack Signatures - Defining Threat Campaigns - Deploying Threat Campaigns Chapter 8: Positive Security Policy Building - Defining and Learning Security Policy Components - Defining the Wildcard - Defining the Entity Lifecycle - Choosing the Learning Scheme - How to Learn: Never (Wildcard Only) - How to Learn: Always - How to Learn: Selective - Reviewing the Enforcement Readiness Period: Entities - Viewing Learning Suggestions and Staging Status - Defining the Learning Score - Defining Trusted and Untrusted IP Addresses - How to Learn: Compact Chapter 9: Securing Cookies and Other Headers - The Purpose of F5 Advanced WAF Cookies - Defining Allowed and Enforced Cookies - Securing HTTP headers Chapter 10: Visual Reporting and Logging - Viewing Application Security Summary Data - Reporting: Build Your Own View - Reporting: Chart based on filters - Brute Force and Web Scraping Statistics - Viewing Resource Reports - PCI Compliance: PCI-DSS 3.0 - Analyzing Requests - Local Logging Facilities and Destinations - Viewing Logs in the Configuration Utility - Defining the Logging Profile - Configuring Response Logging Chapter 11: Lab Project 1 Chapter 12: Advanced Parameter Handling - Defining Parameter Types - Defining Static Parameters - Defining Dynamic Parameters - Defining Parameter Levels - Other Parameter Considerations Chapter 13: Automatic Policy Building - Overview of Automatic Policy Building - Defining Templates Which Automate Learning - Defining Policy Loosening - Defining Policy Tightening - Defining Learning Speed: Traffic Sampling - Defining Track Site Changes Chapter 14: Web Application Vulnerability Scanner Integration - Integrating Scanner Output - Importing Vulnerabilities - Resolving Vulnerabilities - Using the Generic XML Scanner XSD file Chapter 15: Deploying Layered Policies - Defining a Parent Policy - Defining Inheritance - Parent Policy Deployment Use Cases Chapter 16: Login Enforcement and Brute Force Mitigation - Defining Login Pages for Flow Control - Configuring Automatic Detection of Login Pages - Defining Brute Force Attacks - Brute Force Protection Configuration - Source-Based Brute Force Mitigations - Defining Credential Stuffing - Mitigating Credential Stuffing Chapter 17: Reconnaissance with Session Tracking - Defining Session Tracking - Configuring Actions Upon Violation Detection Chapter 18: Layer 7 DoS Mitigation - Defining Denial of Service Attacks - Defining the DoS Protection Profile - Overview of TPS-based DoS Protection - Creating a DoS Logging Profile - Applying TPS Mitigations - Defining Behavioral and Stress-Based Detection Chapter 19: Advanced Bot Defense - Classifying Clients with the Bot Defense Profile - Defining Bot Signatures - Defining F5 Fingerprinting - Defining Bot Defense Profile Templates - Defining Microservices protection Chapter 20: Form Encryption using DataSafe - Targeting Elements of Application Delivery - Exploiting the Document Object Model - Protecting Applications Using DataSafe - The Order of Operations for URL Classification Chapter 21: Review and Final Labs - Final Lab Project (Option 1) – Production Scenario - Final Lab Project (Option 2) – Managing Traffic with Layer 7 Local Traffic Policies4 days3800.003800.003800.003280.003800.005280.005280.005280.00