Training

This course is intended for security and network administrators who will be responsible for the installation, deployment, optimization and daily maintenance of the F5 Advanced Web Application Firewall.

Participants must validate at least one of these prerequisites before they can complete the training:

• Attend a course on the administration of BIG-IP (TRG-BIG-OP-ADMIN)
• Obtain certification F5 Certified BIG-IP Administrator
• To pass the free equivalency assessment of the Administering BIG-IP course with a score of 70% or more.

It is recommended that you have the following general knowledge and experience in network technology before participating in a course given by an instructor from F5 Global Training Services:

• Encapsulation of the OSI model
• Routing and switching
• Ethernet and ARP
• TCP/IP concepts
• IP address and subnet
• NAT and private IP address
• Default Gateway
• Network firewall
• LAN vs. WAN

After completing this training, you will be able to:

• Describe the role of the BIG-IP system as a complete proxy in a distribution network of applications
• Dimensioning the F5 Advanced Web Application Firewall
• Set a web application firewall
• Describe how F5 Advanced Web Application Firewall protects a web application by securing file types, URLs and settings
• Deploy F5 Advanced Web Application Firewall using the rapid deployment model (and other models) and define the security controls included in each model
• Set the learning, alarm and blocking parameters as part of the F5 Advanced Web Application Firewall configuration
• Define attack signatures and explain why staging attack signatures is important
• Deploy threat campaigns to protect against CVE threats
• Contrast the implementation of positive and negative security policies and explain the benefits of each of them
• Configure security processing at the parameters of a web application
• Deploy F5 Advanced Web Application Firewall with the help of automatic policy editor
• Adjusting a policy manually or allowing automatic development of a policy
• Integrating the results of a third party application vulnerability scanner into a security policy
• Configure connection application for flow control
• Minimize the filling of identification information (credential stuffing)
• Configure protection against brute force attacks
• Deployment of advanced defense against web site scrapers, all known robots and other automated agents
• Deploy DataSafe to secure customer-side data

• Resource Provision for F5 Advanced Web Application Firewall
• Traffic processing with BIG-IP Local Traffic Manager (LTM)
• Web Application Concepts
• Mitigation of the OWASP Top 10 and other vulnerabilities
• Deployment of security policy
• Optimization of security policies
• Deployment of signatures of attacks and threat campaigns
• Strengthening positive security
• Secure cookies and other headers
• Reporting and logging
• Advanced parameter management
• Use of automatic policy-making
• Integration with web vulnerability scanners
• Application of connection rules for flow control
• Reduction of gross force and filling of identification information
• Follow-up session for client recognition
• Use of parent and child policies
• Back protection of layer 7
• Protection against transaction-based denial-of-service attacks per second
• Protection against behavioural denial of service of layer 7
• Configuration of advanced robot defense
• Web Scraping and other microservices protections
• Working with robot signatures
• Use DataSafe to secure the client side of the Document Object Model
• Certification