F5 Configuring BIG-IP ASM: Application Security Manager
Overview
The BIG-IP Application Security Manager course gives participants a functional understanding of how to deploy, tune, and operate BIG-IP Application Security Manager (ASM) to protect their web applications from HTTP-based attacks. The course includes lecture, hands-on labs, and discussion about different ASM components for detecting and mitigating threats from multiple attack vectors such web scraping, Layer 7 Denial of Service, brute force, bots, code injection, and zero day exploits.
Course Content/Exam(s)
Course Code | Description | Exam Code | Duration |
---|---|---|---|
WGAC-F5N-BIG-ASM-ESS | F5-Configuring-BIG-IP-ASM-Application-Security-Manager.pdf | 4 Days |
Course Benefits
- Describe the role of the BIG-IP system as a full proxy device in an application delivery network
- Provision the Application Security Manager
- Define a web application firewall
- Describe how ASM protects a web application by securing file types, URLs, and parameters
- Deploy ASM using the Rapid Deployment template (and other templates) and define the security checks included in each
- Define learn, alarm, and block settings as they pertain to configuring ASM
- Define attack signatures and explain why attack signature staging is important
- Contrast positive and negative security policy implementation and explain benefits of each
- Configure security processing at the parameter level of a web application
- Use an application template to protect a commercial web application
- Deploy ASM using the Automatic Policy Builder
- Tune a policy manually or allow automatic policy building
- Integrate third party application vulnerability scanner output into a security policy
- Configure login enforcement and session tracking
- Configure protection against brute force, web scraping, and Layer 7 denial of service attacks
- Implement iRules using specific ASM events and commands
- Use Content Profiles to protect JSON and AJAX-based applications
- Implement Bot Signatures
- Implement Proactive Bot Defense