F5 BIGIP APPLICATION SECURITY MANAGER (ASM)

Configuring BIG-IP ASM: Application Security Manager (WAF)

Course Description:

In this course, students are provided with a functional understanding of how to deploy, tune, and operate ASM to protect their web applications from HTTP-based attacks.

The course includes lecture, hands-on labs, and discussion about different ASM components for detecting and mitigating threats from multiple attack vectors such web scraping, Layer 7 Denial of Service, brute force, bots, code injection, and zero day exploits.

Prerequisites:

There are no required F5 technology-specific prerequisites for this course. However, completing one the following before attending would be very helpful for students unfamiliar with BIG-IP:

  • Administering BIG-IP
  • F5 Certified BIG-IP Administrator

TOPICS:

Module 1: Setting Up the BIG-IP System

  • Packet Based Design Vs Full Proxy Architecture
  • What’s inside a BIG IP system
  • BIG-IP Platforms
  • What’s outside a Hardware BIG IP system
  • Initial BIG-IP setup
  • Licensing, Provisioning and Network Configuration

Module 2: Traffic Processing with BIG-IP

  • Identifying BIG-IP Traffic Processing Objects
  • Overview of Network Packet Flow
  • Understanding Profiles
  • Overview of Local Traffic Policies
  • Visualizing the HTTP Request Flow

Module 3: Web Application Concepts

  • Overview of Web Application Request Processing
  • Web Application Firewall: Layer 7 Protection
  • ASM Layer 7 Security Checks
  • Overview of Web Communication Elements
  • Overview of the HTTP Request Structure
  • Examining HTTP Responses
  • How ASM Parses File Types, URLs, and Parameters
  • Using the Fiddler HTTP Proxy

Module 4: Common Web Application Vulnerabilities

  • Injection Attacks
  • Parameter Tampering
  • Hidden Field Manipulation
  • Forceful Browsing
  • Cross Site Scripting

Chapter 5: Security Policy Deployment

  • Positive & Negative Security Models
  • The Deployment Workflow
  • Security Checks offered by Rapid Deployment
  • Response Checks using Data Guard

Module 6: Policy Tuning and Violations

  • Defining False Positives
  • How Violations are Categorized
  • Violation Rating: A Threat Scale
  • Enforcement settings & Staging

Module 7: Attack Signatures

  • Defining Attack Signatures
  • Creating User-Defined Attack Signatures
  • Defining Attack Signature Sets
  • Understanding Attack Signatures and Staging

Module 8: Positive Security Policy Building

  • Defining and Learning Security Policy Components
  • Learning File Types , URLs and Parameters
  • Choosing the Learning Scheme

Module 9: Cookies and Other Headers

  • ASM Cookies: What to Enforce
  • Enforce integrity of domain cookies
  • Defining Allowed and Enforced Cookies

Module 10: User Roles and Policy Modification

  • Defining user Roles
  • Administrative Partitions
  • Comparing Security Policies
  • Editing and Exporting Security Policies
  • ASM Deployment Types

Module 11: Reporting and Logging

  • Reporting
  • Logging and Viewing Logs
  • Logging Profiles – Default & Custom

Module 12: Advanced Parameter Handling

  • Defining Parameters types
  • User-Input Parameters
  • Defining static Parameters
  • Defining Dynamic Parameters
  • Dynamic parameter Extraction

Module 13: Using Application-Ready Templates

  • Application Ready Templates
  • Commonly used Templates

Module 14: Automatic Policy Building

  • Overview of Automatic Policy Building
  • Choosing policy types [Rapid, Fundamental and Comprehensive]
  • Trusted and Untrusted IP Addresses
  • Learning speed
  • Learning Score

Module 15: Web Application Vulnerability Scanner Integration

  • Overview
  • Integrating ASM with Vulnerability scanner
  • Resolving Vulnerabilities

Module 16: Layered Policies

  • Overview of Layered Security Policies
  • Parent and child security policy terminology
  • Policy Section elements and settings
  • Inheritance settings

Module 17: Login Enforcement and Session Tracking

  • Defining Login URL
  • Defining Session Tracking
  • Session Hijacking Mitigation
  • Fingerprinting Overview
  • Partial List of what ASM can fingerprint

Module 18: Brute Force and Web Scraping Mitigation

  • Defining Anomalies
  • Mitigating Brute Force Attacks via Login Page
  • Defining Session-Based Brute Force Protection
  • Defining the Prevention Policy
  • Mitigating Web Scraping
  • Defining Geo location and IP address Exceptions

Module 19: Layer 7 DoS Mitigation and Advanced Bot Protection

  • Defining Denial of Service Attacks
  • Defining the DoS Profile
  • Defining Mitigation Methods
  • Using BOT Signatures
  • Create a DoS Logging Profile
  • Defining DoS Profile General Settings
  • Defining Bot Signatures
  • Defining Proactive Bot Defense