In this 4 day course, students are provided with a functional understanding of how to deploy, tune, and operate F5 Advanced Web Application Firewall to protect their web applications from HTTP-based attacks. The course includes lecture, [...]
  • F5_AWF
  • Duration 4 days
  • 0 ITK points
  • 1 term
  • Praha (75 300 Kč)

    Brno (on request)

    Bratislava (2 990 €)

In this 4 day course, students are provided with a functional understanding of how to deploy, tune, and operate F5 Advanced Web Application Firewall to protect their web applications from HTTP-based attacks. The course includes lecture, hands-on labs, and discussion about different F5 Advanced Web Application Firewall tools for detecting and mitigating threats from multiple attack vectors such web scraping, Layer 7 Denial of Service, brute force, bots, code injection, and zero day exploits. This course is on the list of approved study resources for the F5 ASM 303 certification exam

»
  • Describe the role of the Advanced Web Application Firewall
  • Describe how F5 Advanced Web Application Firewall protects a web application by securing file types, URLs, and parameters
  • Deploy F5 Advanced Web Application Firewall policies
  • Define learn, alarm, and block settings as they pertain to configuring F5 Advanced Web Application Firewall
  • Define attack signatures and explain why attack signature staging is important
  • Deploy Threat Campaigns to secure against CVE threats
  • Deploy policie using manual or automated approach
  • Deploy Advanced Bot Defense against web scrapers, all known bots, and other automated agents
  • Deploy DataSafe to secure client-side data
  • Basic HTTP and HTML concepts
  • Basic security concepts
  • Common network terminology
  • Web application terminology
  • Resource provisioning for F5 Advanced Web Application Firewall
  • Traffic processing with BIG-IP Local Traffic Manager (LTM)
  • Web application concepts
  • Mitigating the OWASP Top 10 and other vulnerabilities
  • Security policy deployment
  • Security policy tuning
  • Deploying Attack Signatures and Threat Campaigns
  • Positive security building
  • Securing cookies and other headers
  • Reporting and logging
  • Advanced parameter handling
  • Using Automatic Policy Builder
  • Integrating with web vulnerability scanners
  • Login enforcement for flow control
  • Brute force and credential stuffing mitigation
  • Session tracking for client reconnaissance
  • Using Parent and Child policies
  • Layer 7 DoS protection Transaction Per Second-based DoS protection Layer 7 Behavioral DoS Protection
  • Configuring Advanced Bot Defense Web Scraping and other Microservice Protection Working with Bot Signatures
  • Using DataSafe to Secure the client side of the Document Object Model
Current offer
Training location
Course language

The prices are without VAT.