LENGTH: 8 Hours (1 day)
F5 Advanced Web Application Firewall (Advanced WAF) is a new offering including BIG-IP Application Security Manager (ASM) and additional anti-fraud features which can secure the entire Layer 7 threat spectrum, with client-side protection on one end and application-side protection on the opposite end.
Due to the complexity of traditional ASM implementations, F5 devised Advanced WAF as a solution for customers who want quick configuration for advanced protection against common layer 7 application vulnerabilities, layer 7 denial of service attacks, and client-side fraud defense.
Advanced WAF is not a different product from ASM. It is a new licensing model of existing ASM features, additional defense capabilities, paid add-on features, and paid subscription features.
• Differentiating between client-side and application-side web vulnerabilities
• Categorizing Attack Techniques
• Use the Guided Configuration to deploy a Web Application Security Policy
• Defining the key parts of a Web Application Security Policy
• Understanding request logging options
• Identifying HTTP headers and methods
• Defining attack signatures, attack signature staging, and violations
• Overview of the OWASP Top Ten
• Review learning suggestions and basic policy tuning
• Deploy Threat Campaign
• Mitigate Credentials Stuffing
• Secure a URL from client-side fraud using DataSafe encryption and obfuscation
• Use the automated L7 Behavioral Denial of Service feature to detect and mitigate DoS attacks
This course is intended for security and network administrators who will be responsible for the deployment of F5 Advanced Web Application Firewall to secure web applications from common vulnerabilities and denial of service.