$995.00

Overview

In this one-day course, participants identify and mitigate common web application vulnerabilities on the client and application sides of the threat spectrum. Participants use F5 Advanced WAF to quickly configure bot defense and advanced protection against common Layer 7 vulnerabilities (OWASP Top Ten).

Prerequisite(s):

Administering BIG-IP, OSI model, TCP/IP addressing and routing, WAN, LAN environments; or having achieved TMOS Administration Certification. Knowledge of Advanced WAF/ASM is recommended.

Audience:

This course is intended for users who wish to rapidly deploy a basic web application security policy with minimal configuration, deploy a DoS Protection Profile to detect server stress, and block bad actors.

Description

Outline:

Lesson 1: Setting Up the BIG-IP System

  • Introducing the BIG-IP System
  • Initially Setting Up the BIG-IP System
  • Archiving the BIG-IP System Configuration
  • Leveraging F5 Support Resources and Tools

Lesson 2: Threat Overview and Guided Configuration

  • Classifying Attack Types
  • Differentiating Benign and Malicious Clients
  • Categorizing Attack Techniques
  • Defining the Layer 7 Web Application Firewall
  • Defining Traffic Processing Objects
  • Introducing F5 Advanced WAF
  • Using Guided Configuration for Web Application Security

Lesson 3: Exploring HTTP Traffic

  • Exploring Web Application HTTP Request Processing
  • Overview of Application-Side Vulnerabilities
  • Defining Attack Signatures
  • Defining Violations

Lesson 4: Securing HTTP Traffic

  • Defining Learning
  • Defining Attack Signature Staging
  • Defining Attack Signature Enforcement

Lesson 5: Mitigating Credentials Stuffing

  • Defining Credentials Stuffing Attacks
  • The Credentials Stuffing Mitigation Workflow

Lesson 6: Using BIG-IP DataSafe

  • What Elements of Application Delivery are Targeted?
  • Exploiting the Document Object Model
  • Protecting Applications Using DataSafe
  • Configuring a DataSafe Profile

Lesson 7: Using Layer 7 Behavioral Analysis to Mitigate DoS

  • Defining Behavioral Analysis
  • Defining the DoS Protection Profile