F5 Networks Configuring BIG-IP® ASM v12: Application Security Manager

Our classes are always live and instructor led from our Exton, PA or EPIC Partner locations. Springhouse AnywhereLive options require Internet Access. Select classes are Guaranteed to Run (GTR). View our complete schedule policies.






Learn skills to manage Web-based and XML application attacks and use Application Security Manager to defend against these attacks, including building security policies, utilizing traffic learning, deploying Application Security Manager with various applications, and testing using realistic web site traffic.

Intended Audience

At Completion


Administering BIG-IP; basic familiarity with HTTP, HTML and XML; basic web application and security concepts.

Exams & Certifications


Course Outline

Lesson 1: Setting Up the BIG-IP System

Introducing the BIG-IP System

Initially Setting Up the BIG-IP System

Archiving the BIG-IP System Configuration

Leveraging F5 Support Resources and Tools

Chapter Resources

BIG-IP System Setup Labs


Lesson 2: Traffic Processing with BIG-IP

Identifying BIG-IP Traffic Processing Objects

Understanding Network Packet Flow

Understanding Profiles

Overview of Local Traffic Policies and ASM


Lesson 3: Web Application Concepts

Anatomy of a Web Application

An Overview of Common Security Methods

Examining HTTP and Web Application Components

Examining HTTP Headers

Examining HTTP Responses

Examining HTML Components

How ASM Parses File Types, URLs, and Parameters

Using the Fiddler HTTP Proxy Tool


Lesson 4: Web Application Vulnerabilities

OWASP Top 10 Vulnerabilities


Lesson 5: Security Policy Deployment

Comparing Positive and Negative Security

Using the Deployment Wizard

Deployment Wizard: Local Traffic Deployment

Deployment Wizard: Workflow

Reviewing Requests

Security Checks offered by Rapid Deployment

Configuring Data Guard


Lesson 6: Policy Tuning and Violations

Post-Configuration Traffic Processing

Defining False Positives

How Violations are Categorized

Violation Ratings

Enforcement Settings and Staging: Policy Control

Defining Signature Staging

Defining Enforcement Readiness Period

Defining Learning

Violations and Learning Suggestions

Learning Mode: Automatic or Manual

Defining Learn, Alarm and Block Settings

Interpreting Enforcement Readiness Summary

Configuring the Blocking Response Page


Lesson 7: Attack Signatures

Defining Attack Signatures

Creating User-Defined Attack Signatures

Attack Signature Normalization

Attack Signature Structure

Defining Attack Signature Sets

Defining Attack Signature Pools

Updating Attack Signatures

Understanding Attack Signatures and Staging


Lesson 8: Positive Security Policy Building

Defining Security Policy Components

Choosing an Explicit Entities Learning Scheme

How to Learn: Add All Entities

Staging and Entities: The Entity Lifecycle

How to Learn: Never (Wildcard Only)

How to Learn: Selective

Learning Differentiation: Real Threats vs. False Positives


Lesson 9: Cookies and Other Headers

ASM Cookies: What to Enforce

Understanding Allowed and Enforced Cookies

Configuring Security Processing on HTTP Headers


Lesson 10: Reporting and Logging

Reporting Capabilities in ASM

Viewing DoS Reports

Generating an ASM Security Events Report

Viewing Log Files and Local Facilities

Understanding Logging Profiles


Lesson 11: User Roles and Policy Modification

Understanding User Roles and Partitions

Comparing Policies

Editing and Exporting Security Policies

Examples of ASM Deployment Types

Overview of ASM Synchronization

Collecting Diagnostic Data with asmqkview


Lesson 12: Lab Project

Lab Project 1


Lesson 13: Advanced Parameter Handling

Defining Parameters

Defining Static Parameters

Understanding Dynamic Parameters and Extractions

Defining Parameter Levels

Understanding Attack Signatures and Parameters


Lesson 14: Application-Ready Templates

Application Template Overview


Lesson 15: Automatic Policy Building

Overview of Automatic Policy Building

Choosing a Policy Type

Defining Policy Building Process Rules

Defining the Learning Score


Lesson 16: Web Application Vulnerability Scanners

Integrating ASM with Vulnerability Scanners

Importing Vulnerabilities

Resolving Vulnerabilities

Using the Generic XML Scanner Output


Lesson 17: Login Enforcement & Session Tracking

Defining a Login URL

Defining Session Awareness and User Tracking


Lesson 18: Brute Force and Web Scraping Mitigation

Defining Anomalies

Mitigating Brute Force Attacks

Defining Session-Based Brute Force Protection

Defining Dynamic Brute Force Protection

Defining the Prevention Policy

Mitigating Web Scraping

Defining Geolocation Enforcement

Configuring IP Address Exceptions


Lesson 19: Layer 7 DoS Mitigation

Defining Denial of Service Attacks

Defining General Settings L7 DoS Profile

Defining TPS-Based DoS Protection

Defining Operation Mode

Defining Mitigation Methods

Defining Stress-Based Detection

Defining Proactive Bot Defense

Using Bot Signatures


Lesson 20: ASM and iRules

Defining Application Security iRule Events

Using ASM iRule Event Modes

iRule Syntax

ASM iRule Commands


Lesson 21: XML and Web Services

Defining XML

Defining Web Services

Configuring an XML Profile

Schema and WSDL Configuration

XML Attack Signatures

Using Web Services Security


Lesson 22: Web 2.0 Support: JSON Profiles

Defining Asynchronous JavaScript and XML

Defining JavaScript Object Notation

Configuring a JSON Profile


Lesson 23: Review and Final Labs




Springhouse Education & Consulting Services

Corporate HQ: Eagleview Corporate Park
707 Eagleview Boulevard
Suite 207
Exton, PA 19341

610-321-3500 - info@springhouse.com