WAF | Configuring Advanced WAF
 
Learn to deploy and operate F5 Advanced WAF to protect web applications from the most critical security risks as described in the OWASP Top 10 list, from bots and other automated agents, and from Denial of Service (DoS) attacks operating at the HTTP layer of the web application delivery ecosystem. Through a combination of lecture, hands-on labs, and discussion, secure applications from the majority of common attacks by the end of the first day. Take technical deep dives into mitigating web scraping, account aggregation, account creation, ad fraud, CAPTCHA defeat, card cracking, carding, cashing out, credential stuffing, and other unwanted automated application abuse as described in the OWASP automated threats list.
 
Observe various vulnerability mitigations in real time by playing the role of an attacker in lab exercises. Gain context for securing applications, including analysis of HTTP and the elements of both modern and traditional web applications such as file types, parameters, URLs, and login pages. Learn to recognize client and server-side technologies such as JSON and AJAX, and learn to address vulnerabilities that might be present in common application development tools such as PHP, AngularJS, and others.
 
Review recommended practices for reporting, security event logging, and integration with third-party web application vulnerability scanners in detail. Follow prescribed step-by-step directions for activities initially, and gradually gain proficiency so that, by the end of class, little or no instruction is needed to complete simple to more complex configurations.
 
Audience
This course is intended for SecOps personnel responsible for the deployment, tuning, and day-to-day maintenance of F5 Adv. WAF. Participants will obtain a functional level of expertise with F5 Advanced WAF, including comprehensive security policy and profile configuration, client assessment, and appropriate mitigation types.
Experience with LTM and prior WAF knowledge are not required.
 
Suggested Prework
The following free Self-Directed Training (SDT) courses, although optional, are helpful for any student with limited BIG-IP administration and configuration experience:
Getting Started with BIG-IP
Getting Started with Local Traffic Manager (LTM)
Getting Started with F5 Advanced WAF
General network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course, including OSI model encapsulation, routing and switching, Ethernet and ARP, TCP/IP concepts, IP addressing and subnetting, NAT and private IP addressing, NAT and private IP addressing, default gateway, network firewalls, and LAN vs. WAN.
 
Course Outline
Chapter 1: Introducing the BIG-IP System
Chapter 2: Traffic Processing with BIG-IP
Chapter 3: Overview of Web Application Processing
Chapter 4: Overview of Web Application Vulnerabilities
Chapter 5: Security Policy Deployments: Concepts and Terminology
Chapter 6: Policy Tuning and Violations
Chapter 7: Using Attack Signatures and Threat Campaigns
Chapter 8: Positive Security Policy Building
Chapter 9: Securing Cookies and other Header Topics
Chapter 10: Visual Reporting and Logging
Chapter 11: Lab Project 1
Chapter 12: Advanced Parameter Handling
Chapter 13: Automatic Policy Building
Chapter 14: Integrating with Web Application Vulnerability Scanners
Chapter 15: Deploying Layered Policies
Chapter 16: Login Enforcement and Brute Force Mitigation
Chapter 17: Reconnaissance with Session Tracking
Chapter 18: Layer 7 Denial of Service Mitigation
Chapter 19: Advanced Bot Defense
Chapter 20: Final Projects
 
Descargue el temario para conocer el detalle completo de los contenidos.
 
Debido a las constantes actualizaciones de los contenidos de los cursos por parte del fabricante, el contenido de este temario puede variar con respecto al publicado en el sitio oficial, sin embargo, Netec siempre entregará la versión actualizada de éste.