F5 Networks Configuring BIG-IP® ASM v13: Application Security Manager

Our classes are always live and instructor led from our Exton, PA or EPIC Partner locations. Springhouse AnywhereLive options require Internet Access. Select classes are Guaranteed to Run (GTR). View our complete schedule policies.

 

 

 

 

028f7025-af9f-e711-8b1b-00155d0a14062017-12-11T10:00:00Z3995.000000000000410:00 AM6:00 PMAnywhereLive028f7025-af9f-e711-8b1b-00155d0a1406
d5086a55-6aa8-e711-8b1b-00155d0a14062018-02-12T10:00:00Z3995.000000000000410:00 AM6:00 PMAnywhereLived5086a55-6aa8-e711-8b1b-00155d0a1406
d6086a55-6aa8-e711-8b1b-00155d0a14062018-03-26T08:00:00Z3995.000000000000410:00 AM6:00 PMAnywhereLived6086a55-6aa8-e711-8b1b-00155d0a1406
d7086a55-6aa8-e711-8b1b-00155d0a14062018-05-07T08:00:00Z3995.000000000000410:00 AM6:00 PMAnywhereLived7086a55-6aa8-e711-8b1b-00155d0a1406
d8086a55-6aa8-e711-8b1b-00155d0a14062018-06-18T08:00:00Z3995.000000000000410:00 AM6:00 PMAnywhereLived8086a55-6aa8-e711-8b1b-00155d0a1406

Overview

​Learn skills to manage Web-based and XML application attacks and use Application Security Manager to defend against these attacks, including building security policies, utilizing traffic learning, deploying Application Security Manager with various applications, and testing using realistic web site traffic.

Intended Audience


At Completion


Prerequisites

​Administering BIG-IP; basic familiarity with HTTP, HTML and XML; basic web application and security concepts.


Exams & Certifications


Materials


Course Outline

​Lesson 1: Setting Up the BIG-IP System

Introducing the BIG-IP System
Initially Setting Up the BIG-IP System
Archiving the BIG-IP System Configuration
Leveraging F5 Support Resources and Tools
Chapter Resources
BIG-IP System Setup Labs

Lesson 2: Traffic Processing with BIG-IP

Identifying BIG-IP Traffic Processing Objects
Understanding Network Packet Flow
Understanding Profiles
Overview of Local Traffic Policies and ASM

Lesson 3: Web Application Concepts

Anatomy of a Web Application
An Overview of Common Security Methods
Examining HTTP and Web Application Components
Examining HTTP Headers
Examining HTTP Responses
Examining HTML Components
How ASM Parses File Types, URLs, and Parameters
Using the Fiddler HTTP Proxy Tool

Lesson 4: Web Application Vulnerabilities

OWASP Top 10 Vulnerabilities

Lesson 5: Security Policy Deployment

Comparing Positive and Negative Security
Using the Deployment Wizard
Deployment Wizard: Local Traffic Deployment
Deployment Wizard: Workflow
Reviewing Requests
Security Checks offered by Rapid Deployment
Configuring Data Guard

Lesson 6: Policy Tuning and Violations

Post-Configuration Traffic Processing
Defining False Positives
How Violations are Categorized
Violation Ratings
Enforcement Settings and Staging: Policy Control
Defining Signature Staging
Defining Enforcement Readiness Period
Defining Learning
Violations and Learning Suggestions
Learning Mode: Automatic or Manual
Defining Learn, Alarm and Block settings
Interpreting Enforcement Readiness Summary
Configuring the Blocking Response Page

Lesson 7: Attack Signatures

Defining Attack Signatures
Creating User-Defined Attack Signatures
Attack Signature Normalization
Attack Signature Structure
Defining Attack Signature Sets
Defining Attack Signature Pools
Updating Attack Signatures
Understanding Attack Signatures and Staging

Lesson 8: Positive Security Policy Building

Defining Security Policy Components
Choosing an Explicit Entities Learning Scheme
How to learn: Add All Entities
Staging and Entities: The Entity Lifecycle
How to Learn: Never (Wildcard Only)
How to Learn: Selective
Learning Differentiation: Real Threats vs. False positives

Lesson 9: Cookies and Other Headers

ASM Cookies: What to Enforce
Understanding Allowed and Enforced Cookies
Configuring Security Processing on HTTP Headers

Lesson 10: Reporting and Logging

Reporting Capabilities in ASM
Viewing DoS Reports
Generating an ASM Security Events Report
Viewing Log files and Local Facilities
Understanding Logging Profiles

Lesson 11: User Roles and Policy Modification

Understanding User Roles and Partitions
Comparing Policies
Editing and Exporting Security Policies
Examples of ASM Deployment Types
Overview of ASM Synchronization
Collecting Diagnostic Data with asmqkview

Lesson 12: Lab Project

Lab Project 1

Lesson 13: Advanced Parameter Handling

Defining Parameters
Defining Static Parameters
Understanding Dynamic Parameters and Extractions
Defining Parameter Levels
Understanding Attack Signatures and Parameters

Lesson 14: Application-Ready Templates

Application Template Overview

Lesson 15: Automatic Policy Building

Overview of Automatic Policy Building
Choosing a Policy Type
Defining Policy Building Process Rules
Defining the Learning Score

Lesson 16: Web Application Vulnerability Scanners

Integrating ASM with Vulnerability Scanners
Importing Vulnerabilities
Resolving Vulnerabilities
Using the Generic XML Scanner Output

Lesson 17: Login Enforcement & Session Tracking

Defining a Login URL
Defining Session Awareness and User Tracking

Lesson 18: Brute force and Web Scraping Mitigation

Defining Anomalies
Mitigating Brute Force Attacks
Defining Session-Based Brute Force Protection
Defining Dynamic Brute Force Protection
Defining the Prevention Policy
Mitigating Web Scraping
Defining Geolocation Enforcement
Configuring IP Address Exceptions

Lesson 19: Layer 7 DoS Mitigation

Defining Denial of Service Attacks
Defining General Settings L7 DoS Profile
Defining TPS-Based DoS Protection
Defining Operation Mode
Defining Mitigation Methods
Defining Stress-Based Detection
Defining Proactive Bot Defense
Using Bot Signatures

Lesson 20: ASM and iRules

Defining Application Security iRule Events
Using ASM iRule Event Modes
iRule Syntax
ASM iRule Commands

Lesson 21: XML and Web Services

Defining XML
Defining Web Services
Configuring an XML Profile
Schema and WSDL Configuration
XML Attack Signatures
Using Web Services Security

Lesson 22: Web 2.0 Support: JSON Profiles

Defining Asynchronous JavaScript and XML
Defining JavaScript Object Notation
Configuring a JSON Profile

Lesson 23: Review and Final Labs

 

 

F5 Networks Configuring BIG-IP® ASM v13: Application Security Managerhttp://springhouse.com/course-catalog/TLG_ASMv13F5 Networks Configuring BIG-IP® ASM v13: Application Security Manager

Get More Information
Name:

Phone:  

Email:  

Comments:

Help us prove you're not a robot:
 

 ‭(Hidden)‬ Catalog-Item Reuse

Microsoft Gold Partner

PMI R.E.P.

The PMI R.E.P. logo is a mark of the Project Management Institute, Inc.
The Microsoft Gold CPLS logo is a mark of Microsoft, Inc.

Connect with us

Springhouse Education & Consulting Services

Corporate HQ:Eagleview Corporate Park
707 Eagleview Boulevard
Suite 207
Exton, PA 19341

610-321-3500 - info@springhouse.com