Application Security Manager & Access Policy Manager Bootcamp (F5-TRG-BIG-EGW-APM-ASM)
This course prepares the student for the exams to become Certified Technology Specialist on ASM and APM. This course is a combination of the four-day F5 Application Security Manager and the 3-day Configuring BIG-IP APM - Access Policy Manager courses.
The first part of the course gives participants the expertise needed to detect, mitigate, and prevent HTTP-based attacks on web applications. This lab-intensive course starts at the simplest level for quickly configuring and implementing an application security policy and progresses through more complex configurations. The course includes detailed analysis and hands-on exercises for protecting web applications from brute force, web scraping, layer 7 DDoS, and other current attack vectors.
After course completion, participants will be able to differentiate between negative and positive security models, and configure the most appropriate protection for their own web applications.
The second part of the course gives network administrators, network operators, and network engineers a functional understanding of BIG-IP Access Policy Manager as it is commonly deployed in both application delivery network and remote access settings. The course introduces students to BIG-IP Access Policy Manager, its configuration objects, how it is commonly deployed, and how typical administrative and operational activities are performed. The course includes lecture, hands-on labs, interactive demonstrations, and discussions.
Target audience:
This course is intended for security and network administrators who will be responsible for the installation and day-to-day maintenance of the Application Security Manager. It is also intended for system and network administrators responsible for installation, setup, configuration, and administration of the BIG-IP Access Policy Manager.
Prerequisites:
Students should be familiar with the F5 BIG-IP Product Suite and, in particular, how to set up and configure a BIG-IP LTM system, including virtual servers, pools, profiles, VLANs and self-IPs. There are no required F5 prerequisites for this course, but completing one of the following before attending would be very helpful for students unfamiliar with BIG-IP:
- Administering BIG-IP V11 instructor-led course
- F5 Certified BIG-IP Administrator
- TMOS administration
- Network concepts and configuration
- Programming concepts
- Security concepts and terminology
- Web application delivery
Objectives:
At the end of this course, the student should be able to:
Application Security Manager
COURSE OUTLINE
Chapter 1: Setting Up the BIG-IP System
- Introducing the BIG-IP System
- Initially Setting Up the BIG-IP System
- Creating an Archive of the BIG-IP System
- Leveraging F5 Support Resources and Tools
- Understanding Traffic Processing with LTM
- Overview of Local Traffic Policies and ASM
- Anatomy of a Web Application
- An Overview of Common Security Methods
- Examining HTTP & Web Application Components
- Examining HTTP Headers
- Examining HTTP Responses
- Examining HTML Components
- How ASM parses File Types, URLs, & Parameters
- Using the Fiddler HTTP proxy tool
- Examining the OWASP Top 10 vulnerabilities
- Summary of risk mitigation using ASM
- About Positive and Negative Security Models
- Deployment Wizard: Local Traffic Deployment
- Deployment Wizard: Configuration settings
- Violations and Security Policy Building
- Reviewing Violations
- Defining Attack Signatures
- Attack Signature Features
- Defining Attack Signature Sets
- About User-defined Attack Signatures
- Updating Attack Signatures
- Understanding Attack Signatures and staging
- Defining Security Policy Components
- Security Through Entity Learning
- Reviewing Staging and Enforcement
- Understanding the Selective mode
- Learning Differentiation: Real threats vs. false positives
- Purposes of ASM Cookies
- Understanding Allowed and Enforced Cookies
- Configuring security processing on HTTP headers
- Reporting capabilities in ASM
- Generating a PCI Compliance Report
- Generating an ASM Security Events Report
- Understanding User Roles & Partitions
- Editing and Exporting Security Policies
Chapter 12: Advanced parameter handling
- Defining Parameters
- Defining Static Parameters
- Configuring Dynamic Parameters and Extractions
- Application-Ready Template Overview
- Overview of the Real Traffic Policy Builder
- Defining Policy Types
- Real Traffic Policy Builder Rules
- Integrating ASM with Application Vulnerability Scanners
- Resolving Vulnerabilities
- Using the generic XML scanner output
- Defining Login Pages
- Configuring Login Enforcement
- Configuring session and user tracking
- Defining Flows
- Configuring Flow Control
- Defining Anomaly Detection
- Preventing Brute Force Attacks
- Preventing Web Scraping
- Geolocation Enforcement
- Configuring IP Address Exceptions
- Defining iRules and iRule Events
- Using ASM iRule Event Modes
- iRule Syntax
- ASM iRule Commands
- Defining Asynchronous JavaScript and XML
- Defining JavaScript Object Notation (JSON)
- Configuring a JSON Profile
- Defining XML
- Configuring an XML Profile
- XML Attack Signatures
Access Policy Manager
- Chapter 1: Setting Up the BIG-IP System
- Chapter 2: APM Traffic Processing
- Chapter 3: APM Access Policies and Profiles
- Chapter 4: APM Portal Access
- Chapter 5: APM Network Access
- Chapter 6: APM Access Control Lists
- Chapter 7: APM Application Access & Webtops
- Chapter 8: BIG-IP LTM Concepts
- Chapter 9: Web Application Access for LTM
- Chapter 10: APM Macros and Authentication Servers
- Chapter 11: Client-Side Endpoint Security
- Chapter 12: Session Variables and iRules
- Chapter 13: APM Advanced Topics
- Chapter 14: Customization
- Chapter 15: SAML
- Chapter 16: APM Configuration Project
