F5 Configuring and Setting up Advanced WAF

This course is intended for security and network administrators who will be responsible for the installation, deployment, tuning, and day-to-day maintenance of the F5 Advanced Web Application Firewall. Setting Up is intended for those who wish to rapidly deploy a basic web application security policy with minimal configuration; deploy a DoS Protection Profile to detect server stress, and block bad actors.

There are no F5-technology-specific prerequisites for this course. However, completing the following before attending would be very helpful for students with limited BIG-IP administration and configuration experience: Administering BIG-IP instructor-led course -or- F5 Certified BIG-IP Administrator The following free web-based training courses, although optional, will be very helpful for any student with limited BIG-IP administration and configuration experience. These courses are available at F5 University: Getting Started with BIG-IP web-based training Getting Started with BIG-IP Application Security Manager (ASM) web-based training The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course: OSI model encapsulation Routing and switching Ethernet and ARP TCP/IP concepts IP addressing and subnetting NAT and private IP addressing Default gateway Network firewalls LAN vs. WAN

• Resource provisioning for F5 Advanced Web Application Firewall
• Traffic processing with BIG-IP Local Traffic Manager (LTM)
• Web application concepts
• Web application vulnerabilities
• Security policy deployment
• Security policy tuning
• Attack signatures
• Positive security building
• Securing cookies and other headers
• Reporting and logging
• Policy Diff, merging, and exporting
• Advanced parameter handling
• Using application templates
• Using Automatic Policy Builder
• Integrating with web vulnerability scanners
• Login enforcement
• Brute force mitigation
• Session tracking
• Web scraping detection and mitigation
• Geolocation Enforcement and IP Address Exceptions
• Using Parent and Child policies
• Layer 7 DoS protection
• F5 Advanced Web Application Firewall and iRules
• Using Content Profiles for AJAX and JSON applications
• Advanced Bot Detection and Defense
• Proactive Bot Defense
• Differentiating between client-side and application-side web vulnerabilities
• Categorizing Attack Techniques
• Use the Guided Configuration to deploy a Web Application Security Policy
• Defining the key parts of a Web Application Security Policy
• Understanding request logging options
• Identifying HTTP headers and methods
• Defining attack signatures, attack signature staging, and violations
• Overview of the OWASP Top Ten