After completing this course, you will be able to:

• Explain the role of BIG-IP as a full proxy in an application delivery network

• Provision and configure F5 Advanced Web Application Firewall (WAF)

• Define what a web application firewall is and how it works

• Describe how F5 Advanced WAF protects applications by securing file types, URLs, and parameters

• Deploy Advanced WAF using the Rapid Deployment template (and other templates) and identify the security checks in each

• Configure learn, alarm, and block settings for Advanced WAF policies

• Define attack signatures and explain the importance of attack signature staging

• Deploy Threat Campaigns to protect against CVE-related vulnerabilities

• Compare positive and negative security policy models and their benefits

• Configure parameter-level security for web applications

• Deploy Advanced WAF with the Automatic Policy Builder

• Tune policies manually or with automatic policy building

• Import third-party vulnerability scanner results into a security policy

• Configure login enforcement and flow control

• Mitigate credential stuffing attacks

• Configure protections against brute force attacks

• Deploy Advanced Bot Defense to block scrapers, bots, and other automated threats

Chapter 1: Introducing the BIG-IP System

• Initially Setting Up the BIG-IP System

• Archiving the BIG-IP System Configuration

• Leveraging F5 Support Resources and Tools

Chapter 2: Traffic Processing with BIG-IP

• Identifying BIG-IP Traffic Processing Objects

• Understanding Profiles

• Overview of Local Traffic Policies

• Visualizing the HTTP Request Flow

Chapter 3: Overview of Web Application Processing

• Web Application Firewall: Layer 7 Protection

• Layer 7 Security Checks

• Overview of Web Communication Elements

• Overview of the HTTP Request Structure

• Examining HTTP Responses

• How F5 Advanced WAF Parses File Types, URLs, and Parameters

• Using the Fiddler HTTP Proxy

Chapter 4: Overview of Web Application Vulnerabilities

• A Taxonomy of Attacks: The Threat Landscape

• Common Exploits Against Web Applications

Chapter 5: Security Policy Deployments: Concepts and Terminology

• Defining Learning

• Comparing Positive and Negative Security Models

• The Deployment Workflow

• Assigning Policy to Virtual Server

• Deployment Workflow: Using Advanced Settings

• Configure Server Technologies

• Defining Attack Signatures

• Viewing Requests

• Security Checks Offered by Rapid Deployment

Chapter 6: Policy Tuning and Violations

• Post-Deployment Traffic Processing

• How Violations are Categorized

• Violation Rating: A Threat Scale

• Defining Staging and Enforcement

• Defining Enforcement Mode

• Defining the Enforcement Readiness Period

• Reviewing the Definition of Learning

• Defining Learning Suggestions

• Choosing Automatic or Manual Learning

• Defining the Learn, Alarm and Block Settings

• Interpreting the Enforcement Readiness Summary

• Configuring the Blocking Response Page

Chapter 7: Using Attack Signatures and Threat Campaigns

• Defining Attack Signatures

• Attack Signature Basics

• Creating User-Defined Attack Signatures

• Defining Simple and Advanced Edit Modes

• Defining Attack Signature Sets

• Defining Attack Signature Pools

• Understanding Attack Signatures and Staging

• Updating Attack Signatures

• Defining Threat Campaigns

• Deploying Threat Campaigns

Chapter 8: Positive Security Policy Building

• Defining and Learning Security Policy Components

• Defining the Wildcard

• Defining the Entity Lifecycle

• Choosing the Learning Scheme

• How to Learn: Never (Wildcard Only)

• How to Learn: Always

• How to Learn: Selective

• Reviewing the Enforcement Readiness Period: Entities

• Viewing Learning Suggestions and Staging Status

• Defining the Learning Score

• Defining Trusted and Untrusted IP Addresses

• How to Learn: Compact

Chapter 9: Securing Cookies and other Header Topics

• The Purpose of F5 Advanced WAF Cookies

• Defining Allowed and Enforced Cookies

• Securing HTTP headers

Chapter 10: Visual Reporting and Logging

• Viewing Application Security Summary Data

• Reporting: Build Your Own View

• Reporting: Chart based on filters

• Brute Force and Web Scraping Statistics

• Viewing Resource Reports

• PCI Compliance: PCI-DSS 3.0

• Analyzing Requests

• Local Logging Facilities and Destinations

• Viewing Logs in the Configuration Utility

• Defining the Logging Profile

• Configuring Response Logging

Chapter 11: Lab Project 1

Chapter 12: Advanced Parameter Handling

• Defining Parameter Types

• Defining Static Parameters

• Defining Dynamic Parameters

• Defining Parameter Levels

• Other Parameter Considerations

Chapter 13: Automatic Policy Building

• Defining Templates Which Automate Learning

• Defining Policy Loosening

• Defining Policy Tightening

• Defining Learning Speed: Traffic Sampling

• Defining Track Site Changes

Chapter 14: Integrating with Web Application Vulnerability Scanners

• Integrating Scanner Output

• Importing Vulnerabilities

• Resolving Vulnerabilities

• Using the Generic XML Scanner XSD file

Chapter 15: Deploying Layered Policies

• Defining a Parent Policy

• Defining Inheritance

• Parent Policy Deployment Use Cases

Chapter 16: Login Enforcement and Brute Force Mitigation

• Defining Login Pages for Flow Control

• Configuring Automatic Detection of Login Pages

• Defining Brute Force Attacks

• Brute Force Protection Configuration

• Source-Based Brute Force Mitigations

• Defining Credential Stuffing

• Mitigating Credential Stuffing

Chapter 17: Reconnaissance with Session Tracking

• Defining Session Tracking

• Configuring Actions Upon Violation Detection

Chapter 18: Layer 7 Denial of Service Mitigation

• Defining Denial of Service Attacks

• Defining the DoS Protection Profile

• Overview of TPS-based DoS Protection

• Creating a DoS Logging Profile

• Applying TPS Mitigations

• Defining Behavioral and Stress-Based Detection

Chapter 19: Advanced Bot Defense

• Classifying Clients with the Bot Defense Profile

• Defining Bot Signatures

• Defining F5 Fingerprinting

• Defining Bot Defense Profile Templates

• Defining Microservices protection

Chapter 20: Final Projects

Course Changes since v15

• The Configuring F5 Advanced Web Application Firewall course has been modified to reflect changes in the Configuration utility and changes in behavior.

• Data Guard is now accessed under Advanced Settings per application security policy.

• File Types are now accessed under Advanced Settings per application security policy.

• Login Page configuration has moved to Sessions and Logins section per application security policy.

• Lab numbers are no longer used: Labs are now identified by name.

• The section and lab regarding Data Safe has been removed from the class.

• A new section on Leaked Credentials Detection has been added to the Brute Force section of the class.

Course Changes since v15

• The Configuring F5 Advanced Web Application Firewall course has been modified to reflect changes in the Configuration utility and changes in behavior.

• Data Guard is now accessed under Advanced Settings per application security policy.

• File Types are now accessed under Advanced Settings per application security policy.

• Login Page configuration has moved to Sessions and Logins section per application security policy.

• Lab numbers are no longer used: Labs are now identified by name.

• The section and lab regarding Data Safe has been removed from the class.

• A new section on Leaked Credentials Detection has been added to the Brute Force section of the class.

There are no F5-technology-specific prerequisites for this course. However, completing the following before attending would be very helpful for students with limited BIG-IP administration and configuration experience:

▪ Administering BIG-IP instructor-led course ▪ -or-

▪ F5 Certified BIG-IP Administrator

The following free web-based training courses, although optional, will be very helpful for any student with limited BIG-IP administration and configuration experience.

▪ Getting Started with BIG-IP web-based training

▪ Getting Started with BIG-IP Application Security Manager (ASM) web-based training

The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:

▪ OSI model encapsulation

▪ Routing and switching

▪ Ethernet and ARP

▪ TCP/IP concepts

▪ IP addressing and subnetting

▪ NAT and private IP addressing

▪ Default gateway

▪ Network firewalls

▪ LAN vs. WAN

Exam 303 – BIG-IP ASM Specialist

Prerequisites: Valid F5-CA, BIG-IP Certification

Upon passing Exam 303, candidates receive their F5 Certified Technology Specialist, BIG-IP ASM certification. This certification verifies that a candidate is fully qualified to design, implement, and maintain BIG-IP ASM, integrating BIG-IP ASM with other platforms and products in a manner that is application-specific and appropriate to organizational policies, needs, and requirements. Receiving the F5-CTS, BIG-IP ASM certification is a prerequisite for the Security Solutions Expert certification track.

Administering BIG-IP v.16.1
Configuring BIG-IP LTM: Local Traffic Manager v.16.1
Configuring BIG-IP DNS (formerly GTM) v.16.1
Configuring BIG-IP APM: Access Policy Manager v.16.1
Developing iRules for BIG-IP v.16.1
Troubleshooting BIG-IP v.16.1