top of page
WAF | Configuring Advanced WAF

WAF | Configuring Advanced WAF

 

Learn to deploy and operate F5 Advanced WAF to protect web applications from the most critical security risks as described in the OWASP Top 10 list, from bots and other automated agents, and from Denial of Service (DoS) attacks operating at the HTTP layer of the web application delivery ecosystem. Through a combination of lecture, hands-on labs, and discussion, secure applications from the majority of common attacks by the end of the first day. Take technical deep dives into mitigating web scraping, account aggregation, account creation, ad fraud, CAPTCHA defeat, card cracking, carding, cashing out, credential stuffing, and other unwanted automated application abuse as described in the OWASP automated threats list.

 

Observe various vulnerability mitigations in real time by playing the role of an attacker in lab exercises. Gain context for securing applications, including analysis of HTTP and the elements of both modern and traditional web applications such as file types, parameters, URLs, and login pages. Learn to recognize client and server-side technologies such as JSON and AJAX, and learn to address vulnerabilities that might be present in common application development tools such as PHP, AngularJS, and others.

 

Review recommended practices for reporting, security event logging, and integration with third-party web application vulnerability scanners in detail. Follow prescribed step-by-step directions for activities initially, and gradually gain proficiency so that, by the end of class, little or no instruction is needed to complete simple to more complex configurations.

 

Audience

This course is intended for SecOps personnel responsible for the deployment, tuning, and day-to-day maintenance of F5 Adv. WAF. Participants will obtain a functional level of expertise with F5 Advanced WAF, including comprehensive security policy and profile configuration, client assessment, and appropriate mitigation types.

Experience with LTM and prior WAF knowledge are not required.

 

Suggested Prework

The following free Self-Directed Training (SDT) courses, although optional, are helpful for any student with limited BIG-IP administration and configuration experience:

  • Getting Started with BIG-IP
  • Getting Started with Local Traffic Manager (LTM)
  • Getting Started with F5 Advanced WAF

General network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course, including OSI model encapsulation, routing and switching, Ethernet and ARP, TCP/IP concepts, IP addressing and subnetting, NAT and private IP addressing, NAT and private IP addressing, default gateway, network firewalls, and LAN vs. WAN.

 

Course Outline

  • Chapter 1: Introducing the BIG-IP System
  • Chapter 2: Traffic Processing with BIG-IP
  • Chapter 3: Overview of Web Application Processing
  • Chapter 4: Overview of Web Application Vulnerabilities
  • Chapter 5: Security Policy Deployments: Concepts and Terminology
  • Chapter 6: Policy Tuning and Violations
  • Chapter 7: Using Attack Signatures and Threat Campaigns
  • Chapter 8: Positive Security Policy Building
  • Chapter 9: Securing Cookies and other Header Topics
  • Chapter 10: Visual Reporting and Logging
  • Chapter 11: Lab Project 1
  • Chapter 12: Advanced Parameter Handling
  • Chapter 13: Automatic Policy Building
  • Chapter 14: Integrating with Web Application Vulnerability Scanners
  • Chapter 15: Deploying Layered Policies
  • Chapter 16: Login Enforcement and Brute Force Mitigation
  • Chapter 17: Reconnaissance with Session Tracking
  • Chapter 18: Layer 7 Denial of Service Mitigation
  • Chapter 19: Advanced Bot Defense
  • Chapter 20: Final Projects

 

Descargue el temario para conocer el detalle completo de los contenidos.

 

Debido a las constantes actualizaciones de los contenidos de los cursos por parte del fabricante, el contenido de este temario puede variar con respecto al publicado en el sitio oficial, sin embargo, Netec siempre entregará la versión actualizada de éste.

WAF | Configuring Advanced WAF

SKU: F5-WAF
bottom of page