Logo

Maxtrain.com - [email protected] - 513-322-8888 - 866-595-6863

F5-ASM-11

F5 Networks Configuring BIG-IP ASM v11: Application Security Manager

Alert Me

Outline

Lesson 1 : Setting up the BIG-IP System
  • Introducing the BIG-IP System
  • Initially Setting Up the BIG-IP System
  • Configuring the Management Interface
  • Provisioning Modules and Resources
  • Importing a Device Certificiate
  • Specifying BIG-IP Platform Properties
  • Configuring the Network
  • Configuring NTP Servers
  • Configuring DNS Settings
  • Configuring High Availability Options
  • Configuring a Standard Pair
  • Creating an Archive of the BIG-IP System
  • Leveraging F5 Support Resources and Tools
Lesson 2 : Traffic Processing with BIG-IP
  • Understanding Traffic Processing with LTM
  • Understanding Network Packet Flow
  • Understanding Profiles and ASM
  • Overview of Local Traffic Policies and ASM
Lesson 3 : Web Application Concepts
  • Anatomy of a web application
  • An Overview of Common Security Methods
  • Examining HTTP and Web Application Components
  • Examining HTTP Headers
  • Examining HTTP Responses
  • Examining HTML Components
  • How ASM Parses File Types, URLs, and Parameters
  • Using the Fiddler HTTP proxy tool
Lesson 4 : Web Application Vulnerabilities
  • OWASP Top 10 (2013)
  • Summary of Risk Mitigation using ASM
Lesson 5 : Security Policy Deployment
  • About Positive and Negative Security Models
  • Deployment Wizard: Policy creation scenarios
  • Features of the Rapid Deployment template
  • Deployment Wizard: Local Traffic Deployment
  • Deployment Wizard: Configuration Settings
  • Enforcement Settings
  • Reviewing Requests
  • Violations and Security Policy Building
  • Reviewing Violations
  • Security Policy Blocking Settings
  • Configuring the Blocking Response Page
  • Configuring Data Guard
Lesson 6 : Attack Signatures
  • Defining Attack Signatures
  • Attack Signature Features
  • Defining Attack Signature Sets
  • About User-defined Attack Signatures
  • Updating Attack Signatures
  • Understanding Attack Signatures and staging
Lesson 7 : Positive Security Policy Building
  • Defining Security Policy Components
  • Choosing an Explicit Entities Learning Scheme
  • Understanding Add All Entities
  • Security through Entity Learning
  • Reviewing Staging and Enforcement
  • Understanding Never (Wildcard Only)
  • Using the Selective mode
  • Learning Differentiation: Real threats vs. false positives
Lesson 8 : Cookies and other Headers
  • Purpose of ASM Cookies
  • Understanding Allowed and Enforced Cookies
  • Configuring security processing on HTTP headers
Lesson 9 : Reporting and Logging
  • Reporting Capabilities in ASM
  • Generating an ASM Security Events Report
  • Viewing Logs
  • Understanding Logging Profiles
Lesson 10 : User Roles, policy modification, and other deployments
  • Understanding User Roles and Partitions
  • Editing and Exporting Security Policies
  • Examples of ASM Deployment Types
  • Overview of ASM Synchronization
  • Collecting diagnostic data with asmqkview
Lesson 11 : Lab Project 1 Lesson 12 : Advanced Parameter Handling
  • Defining Parameters
  • Defining Static Parameters
  • Understanding Dynamic Parameters and Extractions
  • Defining Parameter Levels
  • Understanding Attack Signatures and Parameters
Lesson 13 : Application–ready Templates
  • Application-Ready Template Overview
Lesson 14 : Real Traffic Policy Builder
  • Overview of the Real Traffic Policy Builder
  • Policy Building Steps
  • Defining Policy Types
  • Real Traffic Policy Builder Rules
Lesson 15 : Web Application Vulnerability Scanners
  • Integrating ASM with Application Vulnerability Scanners
  • Resolving Vulnerabilities
  • Using the generic XML scanner output
Lesson 16 : Login Enforcement, Session Tracking, and Flows
  • Defining Login Pages
  • Defining Session Awareness and User Tracking
  • Defining Flows
Lesson 17 : Anomaly Detection
  • Defining Anomaly Detection
  • Preventing Web Scraping
  • Preventing Denial of Service Attacks
  • Configuring Geolocation Enforcement
  • Configuring IP Address Exceptions
Lesson 18 : ASM and iRules
  • Defining iRules and iRule events
  • Using ASM iRule Event Modes
  • iRule syntax
  • ASM iRule Commands
Lesson 19 : AJAX and JSON Support
  • Defining Asynchronous JavaScript and XML
  • Defining JavaScript Object Notation
  • Configuring a JSON profile
Lesson 20 : XML and web services
  • Defining XML
  • Defining Web Services
  • Configuring an XML profile
  • Schema and WSDL Configuration
  • XML Attack Signatures
  • Using Web Services Security
Lesson 21 : Review and Final Lab Projects
  • Final Lab Project Option 1: Custom Rule for ASM-enabled local traffic policies
  • Final Lab Project Option 2: Production Scenario
  • Final Lab Project Option 3: JSON Parsing
  • Final Lab Project Option 4: XML & Web Services
Lesson 22 : Additional Training and Certifications

PreRequisites

Administering BIG-IP; basic familiarity with HTTP, HTML and XML; basic web application and security concepts.
$3995.00 List Price

4 Days Course

Class Dates

Request a Date or a Private Class below.


MAX Educ. Savings
Categories: , Tags: ,
Loading ...