In this 4-day course, students are provided with a functional understanding of how to deploy, tune, and operate F5 Advanced Web Application Firewall to protect their web applications from HTTP-based attacks.
The course includes lecture, hands-on labs, and discussion about different F5 Advanced Web Application Firewall tools for detecting and mitigating threats from multiple attack vectors such as web scraping, Layer 7 Denial of Service, brute force, bots, code injection, and zero-day exploits.
Course Topics
• Resource provisioning for F5 Advanced Web Application Firewall
• Traffic processing with BIG-IP Local Traffic Manager (LTM)
• Web application concepts
• Mitigating the OWASP Top 10 and other vulnerabilities
• Security policy deployment
• Security policy tuning
• Deploying Attack Signatures and Threat Campaigns
• Positive security building
• Securing cookies and other headers
• Reporting and logging
• Advanced parameter handling
• Using Automatic Policy Builder
• Integrating with web vulnerability scanners
• Login enforcement for flow control
• Brute force and credential stuffing mitigation
• Session tracking for client reconnaissance
• Using Parent and Child policies
• Layer 7 DoS protection
• Configuring Advanced Bot Defense
Course Objectives
• Describe the role of the BIG-IP system as a full proxy device in an application delivery network
• Provision the F5 Advanced Web Application Firewall
• Define a web application firewall
• Describe how F5 Advanced Web Application Firewall protects a web application by securing file types, URLs, and parameters
• Deploy F5 Advanced Web Application Firewall using the Rapid Deployment template (and other templates) and define the security checks included in each
• Define learn, alarm, and block settings as they pertain to configuring F5 Advanced Web Application Firewall
• Define attack signatures and explain why attack signature staging is important
• Deploy Threat Campaigns to secure against CVE threats
• Contrast positive and negative security policy implementation and explain benefits of each
• Configure security processing at the parameter level of a web application
• Deploy F5 Advanced Web Application Firewall using the Automatic Policy Builder
• Tune a policy manually or allow automatic policy building
• Integrate third party application vulnerability scanner output into a security policy
• Configure login enforcement for flow control
• Mitigate credential stuffing
• Configure protection against brute force attacks
• Deploy Advanced Bot Defense against web scrapers, all known bots, and other automated agents
Chapter 1: Introducing the BIG-IP System
• Initially Setting Up the BIG-IP System
• Archiving the BIG-IP System Configuration
• Leveraging F5 Support Resources and Tools
Chapter 2: Traffic Processing with BIG-IP
• Identifying BIG-IP Traffic Processing Objects
• Understanding Profiles
• Overview of Local Traffic Policies
• Visualizing the HTTP Request Flow
Chapter 3: Overview of Web Application Processing
• Web Application Firewall: Layer 7 Protection
• Layer 7 Security Checks
• Overview of Web Communication Elements
• Overview of the HTTP Request Structure
• Examining HTTP Responses
• How F5 Advanced WAF Parses File Types, URLs, and Parameters
• Using the Fiddler HTTP Proxy
Chapter 4: Overview of Web Application Vulnerabilities
• A Taxonomy of Attacks: The Threat Landscape
• Common Exploits Against Web Applications
Chapter 5: Security Policy Deployments: Concepts and Terminology
• Defining Learning
• Comparing Positive and Negative Security Models
• The Deployment Workflow
• Assigning Policy to Virtual Server
• Deployment Workflow: Using Advanced Settings
• Configure Server Technologies
• Defining Attack Signatures
• Viewing Requests
• Security Checks Offered by Rapid Deployment
Chapter 6: Policy Tuning and Violations
• Post-Deployment Traffic Processing
• How Violations are Categorized
• Violation Rating: A Threat Scale
• Defining Staging and Enforcement
• Defining Enforcement Mode
• Defining the Enforcement Readiness Period
• Reviewing the Definition of Learning
• Defining Learning Suggestions
• Choosing Automatic or Manual Learning
• Defining the Learn, Alarm and Block Settings
• Interpreting the Enforcement Readiness Summary
• Configuring the Blocking Response Page
Chapter 7: Using Attack Signatures and Threat Campaigns
• Defining Attack Signatures
• Attack Signature Basics
• Creating User-Defined Attack Signatures
• Defining Simple and Advanced Edit Modes
• Defining Attack Signature Sets
• Defining Attack Signature Pools
• Understanding Attack Signatures and Staging
• Updating Attack Signatures
• Defining Threat Campaigns
• Deploying Threat Campaigns
Chapter 8: Positive Security Policy Building
• Defining and Learning Security Policy Components
• Defining the Wildcard
• Defining the Entity Lifecycle
• Choosing the Learning Scheme
• How to Learn: Never (Wildcard Only)
• How to Learn: Always
• How to Learn: Selective
• Reviewing the Enforcement Readiness Period: Entities
• Viewing Learning Suggestions and Staging Status
• Defining the Learning Score
• Defining Trusted and Untrusted IP Addresses
• How to Learn: Compact
Chapter 9: Securing Cookies and other Header Topics
• The Purpose of F5 Advanced WAF Cookies
• Defining Allowed and Enforced Cookies
• Securing HTTP headers
Chapter 10: Visual Reporting and Logging
• Viewing Application Security Summary Data
• Reporting: Build Your Own View
• Reporting: Chart based on filters
• Brute Force and Web Scraping Statistics
• Viewing Resource Reports
• PCI Compliance: PCI-DSS 3.0
• Analyzing Requests
• Local Logging Facilities and Destinations
• Viewing Logs in the Configuration Utility
• Defining the Logging Profile
• Configuring Response Logging
Chapter 11: Lab Project 1
Chapter 12: Advanced Parameter Handling
• Defining Parameter Types
• Defining Static Parameters
• Defining Dynamic Parameters
• Defining Parameter Levels
• Other Parameter Considerations
Chapter 13: Automatic Policy Building
• Defining Templates Which Automate Learning
• Defining Policy Loosening
• Defining Policy Tightening
• Defining Learning Speed: Traffic Sampling
• Defining Track Site Changes
Chapter 14: Integrating with Web Application Vulnerability Scanners
• Integrating Scanner Output
• Importing Vulnerabilities
• Resolving Vulnerabilities
• Using the Generic XML Scanner XSD file
Chapter 15: Deploying Layered Policies
• Defining a Parent Policy
• Defining Inheritance
• Parent Policy Deployment Use Cases
Chapter 16: Login Enforcement and Brute Force Mitigation
• Defining Login Pages for Flow Control
• Configuring Automatic Detection of Login Pages
• Defining Brute Force Attacks
• Brute Force Protection Configuration
• Source-Based Brute Force Mitigations
• Defining Credential Stuffing
• Mitigating Credential Stuffing
Chapter 17: Reconnaissance with Session Tracking
• Defining Session Tracking
• Configuring Actions Upon Violation Detection
Chapter 18: Layer 7 Denial of Service Mitigation
• Defining Denial of Service Attacks
• Defining the DoS Protection Profile
• Overview of TPS-based DoS Protection
• Creating a DoS Logging Profile
• Applying TPS Mitigations
• Defining Behavioral and Stress-Based Detection
Chapter 19: Advanced Bot Defense
• Classifying Clients with the Bot Defense Profile
• Defining Bot Signatures
• Defining F5 Fingerprinting
• Defining Bot Defense Profile Templates
• Defining Microservices protection
Chapter 20: Final Projects
Course Changes since v15
• The Configuring F5 Advanced Web Application Firewall course has been modified to reflect changes in the Configuration utility and changes in behavior.
• Data Guard is now accessed under Advanced Settings per application security policy.
• File Types are now accessed under Advanced Settings per application security policy.
• Login Page configuration has moved to Sessions and Logins section per application security policy.
• Lab numbers are no longer used: Labs are now identified by name.
• The section and lab regarding Data Safe has been removed from the class.
• A new section on Leaked Credentials Detection has been added to the Brute Force section of the class.
There are no F5-technology-specific prerequisites for this course. However, completing the following before attending would be very helpful for students with limited BIG-IP administration and configuration experience:
• Administering BIG-IP instructor-led course -or-
• F5 Certified BIG-IP Administrator
The following free web-based training courses, although optional, will be very helpful for any student with limited BIG-IP administration and configuration experience.
These courses are available at LearnF5 (https://www.f5.com/services/training):
• Getting Started with BIG-IP web-based training
• Getting Started with BIG-IP Application Security Manager (ASM) web-based training
The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:
• OSI model encapsulation
• Routing and switching
• Ethernet and ARP
• TCP/IP concepts
• IP addressing and subnetting
• NAT and private IP addressing
• Default gateway
• Network firewalls
• LAN vs. WAN
This course is intended for SecOps personnel responsible for the deployment, tuning, and day-to-day maintenance of F5 Adv. WAF.
Participants will obtain a functional level of expertise with F5 Advanced WAF, including comprehensive security policy and profile configuration, client assessment, and appropriate mitigation types.
• Experience with LTM is not required
• Prior WAF knowledge is not required
This course is on the list of approved study resources for the F5 ASM 303 certification exam.