Network Security F5 Networks Configuring BIG-IP® ASM v12: Application Security Manager

F5 Networks Configuring BIG-IP® ASM v12: Application Security Manager


Date of Class:


Last Day To Enroll:

3995.00 3,995.00

  • Course Delivery: Virtual Classroom
  • Duration: 4
  • Language: English

Chat Live | Contact Us | Toll Free: (888) 360-8764



Learn skills to manage Web-based and XML application attacks and use Application Security Manager to defend against these attacks, including building security policies, utilizing traffic learning, deploying Application Security Manager with various applications, and testing using realistic web site traffic.


Administering BIG-IP; basic familiarity with HTTP, HTML and XML; basic web application and security concepts.


Topics Covered

Lesson 1: Setting Up the BIG-IP System

  • Introducing the BIG-IP System
  • Initially Setting Up the BIG-IP System
  • Archiving the BIG-IP System Configuration
  • Leveraging F5 Support Resources and Tools
  • Chapter Resources
  • BIG-IP System Setup Labs
    • Lesson 2: Traffic Processing with BIG-IP

      • Identifying BIG-IP Traffic Processing Objects
      • Understanding Network Packet Flow
      • Understanding Profiles
      • Overview of Local Traffic Policies and ASM
        • Lesson 3: Web Application Concepts

          • Anatomy of a Web Application
          • An Overview of Common Security Methods
          • Examining HTTP and Web Application Components
          • Examining HTTP Headers
          • Examining HTTP Responses
          • Examining HTML Components
          • How ASM Parses File Types, URLs, and Parameters
          • Using the Fiddler HTTP Proxy Tool
            • Lesson 4: Web Application Vulnerabilities

              • OWASP Top 10 Vulnerabilities
                • Lesson 5: Security Policy Deployment

                  • Comparing Positive and Negative Security
                  • Using the Deployment Wizard
                  • Deployment Wizard: Local Traffic Deployment
                  • Deployment Wizard: Workflow
                  • Reviewing Requests
                  • Security Checks offered by Rapid Deployment
                  • Configuring Data Guard
                    • Lesson 6: Policy Tuning and Violations

                      • Post-Configuration Traffic Processing
                      • Defining False Positives
                      • How Violations are Categorized
                      • Violation Ratings
                      • Enforcement Settings and Staging: Policy Control
                      • Defining Signature Staging
                      • Defining Enforcement Readiness Period
                      • Defining Learning
                      • Violations and Learning Suggestions
                      • Learning Mode: Automatic or Manual
                      • Defining Learn, Alarm and Block settings
                      • Interpreting Enforcement Readiness Summary
                      • Configuring the Blocking Response Page
                        • Lesson 7: Attack Signatures

                          • Defining Attack Signatures
                          • Creating User-Defined Attack Signatures
                          • Attack Signature Normalization
                          • Attack Signature Structure
                          • Defining Attack Signature Sets
                          • Defining Attack Signature Pools
                          • Updating Attack Signatures
                          • Understanding Attack Signatures and Staging
                            • Lesson 8: Positive Security Policy Building

                              • Defining Security Policy Components
                              • Choosing an Explicit Entities Learning Scheme
                              • How to learn: Add All Entities
                              • Staging and Entities: The Entity Lifecycle
                              • How to Learn: Never (Wildcard Only)
                              • How to Learn: Selective
                              • Learning Differentiation: Real Threats vs. False positives
                                • Lesson 9: Cookies and Other Headers

                                  • ASM Cookies: What to nforce
                                  • Understanding Allowed and Enforced Cookies
                                  • Configuring Security Processing on HTTP Headers
                                    • Lesson 10: Reporting and Logging

                                      • Reporting Capabilities in ASM
                                      • Viewing DoS Reports
                                      • Generating an ASM Security Events Report
                                      • Viewing Log files and Local Facilities
                                      • Understanding Logging Profiles
                                        • Lesson 11: User Roles and Policy Modification

                                          • Understanding User Roles and Partitions
                                          • Comparing Policies
                                          • Editing and Exporting Security Policies
                                          • Examples of ASM Deployment Types
                                          • Overview of ASM Synchronization
                                          • Collecting Diagnostic Data with asmqkview
                                            • Lesson 12: Lab Project

                                              • Lab Project 1
                                                • Lesson 13: Advanced Parameter Handling

                                                  • Defining Parameters
                                                  • Defining Static Parameters
                                                  • Understanding Dynamic Parameters and Extractions
                                                  • Defining Parameter Levels
                                                  • Understanding Attack Signatures and Parameters
                                                    • Lesson 14: Application-Ready Templates

                                                      • Application Template Overview
                                                        • Lesson 15: Automatic Policy Building

                                                          • Overview of Automatic Policy Building
                                                          • Choosing a Policy Type
                                                          • Defining Policy Building Process rules
                                                          • Defining the Learning Score
                                                            • Lesson 16: Web Application Vulnerability Scanners

                                                              • Integrating ASM with Vulnerability Scanners
                                                              • Importing Vulnerabilities
                                                              • Resolving Vulnerabilities
                                                              • Using the Generic XML Scanner Output
                                                                • Lesson 17: Login Enforcement & Session Tracking

                                                                  • Defining a Login URL
                                                                  • Defining Session Awareness and User Tracking
                                                                    • Lesson 18: Brute force and Web Scraping Mitigation

                                                                      • Defining Anomalies
                                                                      • Mitigating Brute Force Attacks
                                                                      • Defining Session-Based Brute Force Protection
                                                                      • Defining Dynamic Brute Force Protection
                                                                      • Defining the Prevention Policy
                                                                      • Mitigating Web Scraping
                                                                      • Defining Geolocation Enforcement
                                                                      • Configuring IP Address Exceptions
                                                                        • Lesson 19: Layer 7 DoS Mitigation

                                                                          • Defining Denial of Service Attacks
                                                                          • Defining General Settings L7 DoS Profile
                                                                          • Defining TPS-Based DoS Protection
                                                                          • Defining Operation Mode
                                                                          • Defining Mitigation Methods
                                                                          • Defining Stress-Based Detection
                                                                          • Defining Proactive Bot Defense
                                                                          • Using Bot Signatures
                                                                            • Lesson 20: ASM and iRules

                                                                              • Defining Application Security iRule Events
                                                                              • Using ASM iRule Event Modes
                                                                              • iRule Syntax
                                                                              • ASM iRule Commands
                                                                                • Lesson 21: XML and Web Services

                                                                                  • Defining XML
                                                                                  • Defining Web Services
                                                                                  • Configuring an XML Profile
                                                                                  • Schema and WSDL Configuration
                                                                                  • XML Attack Signatures
                                                                                  • Using Web Services Security
                                                                                    • Lesson 22: Web 2.0 Support: JSON Profiles

                                                                                      • Defining Asynchronous JavaScript and XML
                                                                                      • Defining JavaScript Object Notation
                                                                                      • Configuring a JSON Profile
                                                                                        • Lesson 23: Review and Final Labs


Subject Matter Expert

For over 20 years TLG Learning has been trusted by premier companies and government agencies TLG Learning is an F5 Authorized Training Center and works especially closely with F5 Networks TLG Learning is located in the Greater Seattle Area near F5 headquarters.

Got questions? Contact us below or call 877-881-2235

Why Choose

  • Fast and easy courses completion
  • Get an education faster than at traditional colleges!
  • 100% online - No classroom attendance required.
  • Unlimited 24x7 online customer support
  • Over 500,000+ certified nationwide.