The BIG-IP Application Security Manager course gives participants a functional understanding of how to deploy, tune, and operate BIG-IP Application Security Manager (ASM) to protect their web applications from HTTP-based attacks.

      The course includes lecture, hands-on labs, and discussion about different ASM components for detecting and mitigating threats from multiple attack vectors such web scraping, Layer 7 Denial of Service, brute force, bots, code injection, and zero day exploits.
二、课程大纲
1.Setting Up the BIG-IP System

• Introducing the BIG-IP System
• Initially Setting Up the BIG-IP System
• Archiving the BIG-IP System Configuration
• Leveraging F5 Support Resources and Tools

• Identifying BIG-IP Traffic Processing Objects
• Overview of Network Packet Flow
• Understanding Profiles
• Overview of Local Traffic Policies and ASM
• HTTP Request Flow
• Chapter Resources

• Overview of Web Application Request Processing
• Web Application Are Vulnerable Even with SSL
• Layer 7 Protection with Web Application Firewalls
• Overview of Web Communication Elements
• Parsing URLs
• Overview of the HTTP Request Structure
• Method: Perform Actions on a Server
• HTTP Methods ASM Accepts by Default
• Comparing POST with GET
• Risks Within Other Methods
• Methods Enforcement for URLs
• HTTP Response Codes
• Examining HTTP Responses
• HTTPUser Input Forms: Free Text Input
• User Input Forms: Free Text Input
• How ASM Parses File Types, URLs, and Parameters
• Using the Fiddler HTTP Proxy
• Chapter Resources

• Common Exploits Against Web Applications

• Comparing Positive and Negative Security Models
• Deployment: Combining Positive and Negative Security
• The Deployment Workflow
• Policy Type: How Will the Policy Be Applied
• Policy Template: Determines the Level of Protection
• Policy Templates: Automatic or Manual Policy Building
• Deployment Workflow: Advanced Settings
• Viewing Requests
• Security Checks Offered by Rapid Deployment
• Response Checks Using Data Guard
• Chapter Resources

• Post-Deployment Traffic Processing
• Defining Violations
• Defining False Positives
• How Violations are Categorized
• Violation Rating: A Threat Scale
• Defining Staging and Enforcement
• Defining Enforcement Mode
• Defining the Enforcement Readiness Period
• Defining Learning
• Defining Learning Suggestions
• Choosing Automatic or Manual Learning
• Defining the Learn, Alarm and Block Settings
• Interpreting the Enforcement Readiness Summary
• Configuring the Blocking Response Page
• Chapter Resources

• Defining Attack Signatures
• Creating User-Defined Attack Signatures
• Defining Attack Signature Sets
• Defining Attack Signature Pools
• Updating Attack Signatures
• Understanding Attack Signatures and Staging
• Chapter Resources

• Defining Security Policy Components
• Defining the Wildcard
• The Entity Staging Lifecycle
• Choosing the Learning Scheme
• How to Learn: Never (Wildcard Only)
• How To Learn: Always
• How to Learn: Selective
• Reviewing the Enforcement Readiness Period: Entities
• Violations Without Learning Suggestions
• Defining the Learning Score
• Defining Trusted and Untrusted IP Addresses
• How to Learn: Compact
• Chapter Resources

• ASM Cookies: What to Enforce
• Defining Allowed and Enforced Cookies
• Configuring Security Processing on HTTP headers
• Chapter Resources

• Reporting: Build Your Own View
• Reporting: Chart based on filters
• Brute Force and Web Scraping Statistics
• Viewing ASM Resource Reports
• PCI Compliance: PCI-DSS 3.0
• Generating a Security Events Report
• Viewing Traffic Learning Graphs
• Local Logging Facilities and Destinations
• Viewing Logs in the Configuration Utility
• Logging Profiles: Build What You Need
• Chapter Resources

• Defining User Roles
• Defining ASM User Roles
• Defining Partitions
• Configuring User Partition Access
• Comparing Security Policies with Policy Diff
• Merging Security Policies
• Editing and Exporting Security Policies
• Restoring with Policy History
• Examples of ASM Deployment Types
• ConfigSync and ASM Security Data
• ASMQKVIEW: Provide to F5 Support for Troubleshooting
• Chapter Resources

• Defining Parameter Types
• Defining Static Parameters
• Defining Dynamic Parameters
• Defining Dynamic Parameter Extraction Properties
• Defining Parameter Levels
• Other Parameter Considerations
• Chapter Resources

• Application Templates: Pre-Configured Baseline Security
• Chapter Resources

• Overview of Automatic Policy Building
• Defining Templates Which Automate Learning
• Defining Policy Loosening
• Defining Policy Tightening
• Defining Learning Speed: Traffic Sampling
• Defining Track Site Changes
• Chapter Resources

• Integrating Scanner Output Into ASM
• Will Scan be Used for a New or Existing Policy?
• Importing Vulnerabilities
• Resolving Vulnerabilities
• Using the Generic XML Scanner XSD file
• Chapter Resources

• Defining a Login URL
• Login Enforcement: Time and Logout Conditions
• Defining Session Tracking
• Configuring Actions Upon Violation Detection
• Session Hijacking Mitigation
• Why Fingerprint A Client
• Chapter Resources

• Defining Anomalies
• Mitigating Brute Force Attacks via Login Page
• Defining Session-Based Brute Force Protection
• Defining Dynamic Brute Force Protection
• Defining the Prevention Policy
• Defining Web Scraping
• Defining Geolocation Enforcement
• Configuring IP Address Exceptions
• Chapter Resources

• Defining a Parent Policy
• Defining Inheritance
• Parent Policy Deployment Use Cases
• Chapter Resources

• Defining Denial of Service Attacks
• Defining DoS Profile General Settings
• Defining Proactive Bot Defense
• Using Bot Signatures
• Defining TPS-based DoS Protection
• Defining Operation Mode
• Defining Mitigation Methods
• Defining Behavioral and Stress-Based Detection
• Defning Behavioral DoS
• Chapter Resources

• Common Uses for iRules
• Identifying iRule Components
• Triggering iRules with Events
• Defining ASM iRule Events
• Defining ASM iRule Commands
• Using ASM iRule Event Modes
• Chapter Resources

• Defining Asynchronous JavaScript and XML
• Defining JavaScript Object Notation (JSON)
• Defining Content Profiles
• The Order of Operations for URL Classification
• Chapter Resources

• Course Review Questions
• Answers to Review Questions

• Getting Started Series Web-Based Training
• F5 Instructor Led Training Curriculum
• F5 Professional Certification Program