In this 4-day course, students are provided with a functional understanding of how to deploy, tune, and operate F5 Advanced Web Application Firewall to protect their web applications from HTTP-based attacks. The course includes lecture, hands-on labs, and discussion about different F5 Advanced Web Application Firewall tools for detecting and mitigating threats from multiple attack vectors such as web scraping, Layer 7 Denial of Service, brute force, bots, code injection, and zero-day exploits.
Course Objectives
Describe the role of the BIG-IP system as a full proxy device in an application delivery network
Provision F5 Advanced Web Application Firewall resources
Define a web application firewall
Describe how F5 Advanced Web Application Firewall protects a web application by securing file types, URLs, and parameters
Deploy F5 Advanced Web Application Firewall using the Rapid Deployment template (and other templates) and define the security checks included in each
Define learn, alarm, and block settings as they pertain to configuring F5 Advanced Web Application Firewall
Define attack signatures and explain why attack signature staging is important
Contrast positive and negative security policy implementation and explain benefits of each
Configure security processing at the parameter level of a web application
Use an application template to protect a commercial web application
Deploy F5 Advanced Web Application Firewall using the Automatic Policy Builder
Tune a policy manually or allow automatic policy building
Integrate third party application vulnerability scanner output into a security policy
Configure login enforcement and session tracking
Configure protection against brute force, web scraping, and Layer 7 denial of service attacks
Implement iRules using specific F5 Advanced Web Application Firewall events and commands
Use Content Profiles to protect JSON and AJAX-based applications
Implement Bot Signatures
Implement Proactive Bot Defense
Audience:
This course is intended for security and network administrators who will be responsible for the installation, deployment, tuning, and day-to-day maintenance of the F5 Advanced Web Application Firewall.
Course Outline
Setting Up the BIG-IP System
Introducing the BIG-IP System
Initially Setting Up the BIG-IP System
Archiving the BIG-IP System Configuration
Leveraging F5 Support Resources and Tools
Traffic Processing with BIG-IP
Identifying BIG-IP Traffic Processing Objects
Understanding Profiles
Overview of Local Traffic Policies
Visualizing the HTTP Request Flow
Web Application Concepts
Overview of Web Application Request Processing
Web Application Firewall: Layer 7 Protection
Layer 7 Security Checks
Overview of Web Communication Elements
Overview of the HTTP Request Structure
Examining HTTP Responses
How F5 Advanced WAF Parses File Types, URLs, and Parameters
Using the Fiddler HTTP Proxy
Web Application Vulnerabilities
A Taxonomy of Attacks: The Threat Landscape
Common Exploits Against Web Applications
Security Policy Deployment
Defining Learning
Comparing Positive and Negative Security Models
The Deployment Workflow
Assigning Policy to Virtual Server
Deployment Workflow: Using Advanced Settings
Configure Server Technologies
Defining Attack Signatures
Viewing Requests
Security Checks Offered by Rapid Deployment
Defining Attack Signatures
Policy Tuning and Violations
Post-Deployment Traffic Processing
How Violations are Categorized
Violation Rating: A Threat Scale
Defining Staging and Enforcement
Defining Enforcement Mode
Defining the Enforcement Readiness Period
Reviewing the Definition of Learning
Defining Learning Suggestions
Choosing Automatic or Manual Learning
Defining the Learn, Alarm and Block Settings
Interpreting the Enforcement Readiness Summary
Configuring the Blocking Response Page
Attack Signatures and Threat Campaigns
Defining Attack Signatures
Attack Signature Basics
Creating User-Defined Attack Signatures
Defining Simple and Advanced Edit Modes
Defining Attack Signature Sets
Defining Attack Signature Pools
Understanding Attack Signatures and Staging
Updating Attack Signatures
Defining Threat Campaigns
Deploying Threat Campaigns
Positive Security Policy Building
Defining and Learning Security Policy Components
Defining the Wildcard
Defining the Entity Lifecycle
Choosing the Learning Scheme
How to Learn: Never (Wildcard Only)
How to Learn: Always
How to Learn: Selective
Reviewing the Enforcement Readiness Period: Entities
Viewing Learning Suggestions and Staging Status
Defining the Learning Score
Defining Trusted and Untrusted IP Addresses
How to Learn: Compact
Securing Cookies and Other Headers
The Purpose of F5 Advanced WAF Cookies
Defining Allowed and Enforced Cookies
Securing HTTP headers
Visual Reporting and Logging
Viewing Application Security Summary Data
Reporting: Build Your Own View
Reporting: Chart based on filters
Brute Force and Web Scraping Statistics
Viewing Resource Reports
PCI Compliance: PCI-DSS 3.0
Analyzing Requests
Local Logging Facilities and Destinations
Viewing Logs in the Configuration Utility
Defining the Logging Profile
Configuring Response Logging
Lab Project 1
Advanced Parameter Handling
Defining Parameter Types
Defining Static Parameters
Defining Dynamic Parameters
Defining Parameter Levels
Other Parameter Considerations
Automatic Policy Building
Overview of Automatic Policy Building
Defining Templates Which Automate Learning
Defining Policy Loosening
Defining Policy Tightening
Defining Learning Speed: Traffic Sampling
Defining Track Site Changes
Web Application Vulnerability Scanner Integration
Integrating Scanner Output
Importing Vulnerabilities
Resolving Vulnerabilities
Using the Generic XML Scanner XSD file
Deploying Layered Policies
Defining a Parent Policy
Defining Inheritance
Parent Policy Deployment Use Cases
Login Enforcement and Brute Force Mitigation
Defining Login Pages for Flow Control
Configuring Automatic Detection of Login Pages
Defining Brute Force Attacks
Brute Force Protection Configuration
Source-Based Brute Force Mitigations
Defining Credential Stuffing
Mitigating Credential Stuffing
Reconnaissance with Session Tracking
Defining Session Tracking
Configuring Actions Upon Violation Detection
Layer 7 DoS Mitigation
Defining Denial of Service Attacks
Defining the DoS Protection Profile
Overview of TPS-based DoS Protection
Creating a DoS Logging Profile
Applying TPS Mitigations
Defining Behavioral and Stress-Based Detection
Advanced Bot Defense
Classifying Clients with the Bot Defense Profile
Defining Bot Signatures
Defining F5 Fingerprinting
Defining Bot Defense Profile Templates
Defining Microservices protection
Form Encryption using DataSafe
Targeting Elements of Application Delivery
Exploiting the Document Object Model
Protecting Applications Using DataSafe
The Order of Operations for URL Classification
Review and Final Labs
Final Lab Project (Option 1) – Production Scenario
Final Lab Project (Option 2) – Managing Traffic with Layer 7 Local Traffic Policies
*Course fee/pax. A minimum of 4 registrations is required to schedule the class.
F5 BIG-IP Advanced Web Application Firewall