In this 4-day course, students are provided with a functional understanding of how to deploy, tune, and operate F5 Advanced Web Application Firewall to protect their web applications from HTTP-based attacks.

The course includes lecture, hands-on labs, and discussion about different F5 Advanced Web Application Firewall tools for detecting and mitigating threats from multiple attack vectors such web scraping, Layer 7 Denial of Service, brute force, bots, code injection, and zero-day exploits.

Topics Covered

• Resource provisioning for F5 Advanced Web Application Firewall
• Traffic processing with BIG-IP Local Traffic Manager (LTM)
• Web application concepts
• Mitigating the OWASP Top 10 and other vulnerabilities
• Security policy deployment
• Security policy tuning
• Deploying Attack Signatures and Threat Campaigns
• Positive security building
• Securing cookies and other headers
• Reporting and logging
• Advanced parameter handling
• Using Automatic Policy Builder
• Integrating with web vulnerability scanners
• Login enforcement for flow control
• Brute force and credential stuffing mitigation
• Session tracking for client reconnaissance
• Using Parent and Child policies
• Layer 7 DoS protection
- Transaction Per Second-based DoS protection
- Layer 7 Behavioral DoS Protection
• Configuring Advanced Bot Defense
- Web Scraping and other Microservice Protection
- Working with Bot Signatures
• Using DataSafe to Secure the client side of the Document Object Model