In this lab, students are provided with a functional understanding of how to deploy, tune, and operate F5 Advanced Web Application Firewall to protect their web applications from HTTP-based attacks. The hands-on labs, and discussion about different F5 Advanced Web Application Firewall (WAF) tools for detecting and mitigating threats from multiple attack vectors such web scraping, Layer 7 Denial of Service, brute force,bots, code injection, and zero day exploits.
Course modules:
- Installation of F5 Platform
- LTM configuration
- ASM licensing
- Provisioning Resources for ASM
- Examining HTTP Responses
- Common Exploits Against Web Applications
- Assigning Policy to Virtual Server
- Defining Attack Signatures
- Viewing Requests
- Security Checks Offered by Rapid Deployment
- Defining Enforcement Mode
- Defining the Learn, Alarm and Block Settings
- Configuring the Blocking Response Page
- Defining Attack Signatures
- Creating User-Defined Attack Signatures
- Defining Simple and Advanced Edit Modes
- Defining Attack Signature Sets
- Defining Attack Signature Pools
- Defining Allowed and Enforced Cookies
- Configuring Security Processing on HTTP headers
- Brute Force and Web Scraping Statistics
- Defining the Logging Profile
- Configuring Response Logging
- Defining Parameter Types
- Defining Static Parameters
- Defining Dynamic Parameters
- Defining Parameter Levels
- Defining Policy Loosening
- Defining Policy Tightening
- Defining Track Site Changes
- Integrating Vulnerability Scanner Output
- Importing Vulnerabilities
- Deploying Virtual firewall
- Defining Session Tracking
- Brute Force Protection Configuration
- Source-Based Brute Force Mitigations
- Defining Credentials Stuffing
- Mitigating Credentials Stuffing
- Defining Session Tracking
- Configuring Actions Upon Violation Detection
- Defining Denial of Service Attacks
- Defining the DoS Protection Profile
- Creating a DoS Logging Profile
- Applying TPS Mitigations
- Defining Behavioral and Stress-Based Detection
Reviews
There are no reviews yet.