Network Security F5 Networks Configuring BIG-IP ASM v11: Application Security Manager

F5 Networks Configuring BIG-IP ASM v11: Application Security Manager


Date of Class:


Last Day To Enroll:

3995.00 3,995.00

  • Course Delivery: Virtual Classroom
  • Duration: 32
  • Language: English

Chat Live | Contact Us | Toll Free: (888) 360-8764



Learn skills to manage Web-based and XML application attacks and use Application Security Manager to defend against these attacks, including building security policies, utilizing traffic learning, deploying Application Security Manager with various applications, and testing using realistic web site traffic.


Topics Covered

Lesson 1: Setting up the BIG-IP System

  • Introducing the BIG-IP System
  • Initially Setting Up the BIG-IP System
  • Configuring the Management Interface
  • Provisioning Modules and Resources
  • Importing a Device Certificate
  • Specifying BIG-IP Platform Properties
  • Configuring the Network
  • Configuring NTP Servers
  • Configuring DNS Settings
  • Configuring High Availability Options
  • Configuring a Standard Pair
  • Creating an Archive of the BIG-IP System
  • Leveraging F5 Support Resources and Tools

Lesson 2: Traffic Processing with BIG-IP

  • Understanding Traffic Processing with LTM
  • Understanding Network Packet Flow
  • Understanding Profiles and ASM
  • Overview of Local Traffic Policies and ASM

Lesson 3: Web Application Concepts

  • Anatomy of a web application
  • An Overview of Common Security Methods
  • Examining HTTP and Web Application Components
  • Examining HTTP Headers
  • Examining HTTP Responses
  • Examining HTML Components
  • How ASM Parses File Types, URLs, and Parameters
  • Using the Fiddler HTTP proxy tool

Lesson 4: Web Application Vulnerabilities

  • OWASP Top 10 (2013)
  • Summary of Risk Mitigation using ASM

Lesson 5: Security Policy Deployment

  • About Positive and Negative Security Models
  • Deployment Wizard: Policy creation scenarios
  • Features of the Rapid Deployment template
  • Deployment Wizard: Local Traffic Deployment
  • Deployment Wizard: Configuration Settings
  • Enforcement Settings
  • Reviewing Requests
  • Violations and Security Policy Building
  • Reviewing Violations
  • Security Policy Blocking Settings
  • Configuring the Blocking Response Page
  • Configuring Data Guard

Lesson 6: Attack Signatures

  • Defining Attack Signatures
  • Attack Signature Features
  • Defining Attack Signature Sets
  • About User-defined Attack Signatures
  • Updating Attack Signatures
  • Understanding Attack Signatures and staging

Lesson 7: Positive Security Policy Building

  • Defining Security Policy Components
  • Choosing an Explicit Entities Learning Scheme
  • Understanding Add All Entities
  • Security through Entity Learning
  • Reviewing Staging and Enforcement
  • Understanding Never (Wildcard Only)
  • Using the Selective mode
  • Learning Differentiation: Real threats vs. false positives

Lesson 8: Cookies and other Headers

  • Purpose of ASM Cookies
  • Understanding Allowed and Enforced Cookies
  • Configuring security processing on HTTP headers

Lesson 9: Reporting and Logging

  • Reporting Capabilities in ASM
  • Generating an ASM Security Events Report
  • Viewing Logs
  • Understanding Logging Profiles

Lesson 10: User Roles, policy modification, and other deployments

  • Understanding User Roles and Partitions
  • Editing and Exporting Security Policies
  • Examples of ASM Deployment Types
  • Overview of ASM Synchronization
  • Collecting diagnostic data with asmqkview

Lesson 11: Lab Project 1

Lesson 12: Advanced Parameter Handling

  • Defining Parameters
  • Defining Static Parameters
  • Understanding Dynamic Parameters and Extractions
  • Defining Parameter Levels
  • Understanding Attack Signatures and Parameters

Lesson 13: Application ready Templates

  • Application-Ready Template Overview

Lesson 14: Real Traffic Policy Builder

  • Overview of the Real Traffic Policy Builder
  • Policy Building Steps
  • Defining Policy Types
  • Real Traffic Policy Builder Rules

Lesson 15: Web Application Vulnerability Scanners

  • Integrating ASM with Application Vulnerability Scanners
  • Resolving Vulnerabilities
  • Using the generic XML scanner output

Lesson 16: Login Enforcement, Session Tracking, and Flows

  • Defining Login Pages
  • Defining Session Awareness and User Tracking
  • Defining Flows

Lesson 17: Anomaly Detection

  • Defining Anomaly Detection
  • Preventing Web Scraping
  • Preventing Denial of Service Attacks
  • Configuring Geolocation Enforcement
  • Configuring IP Address Exceptions

Lesson 18: ASM and iRules

  • Defining iRules and iRule events
  • Using ASM iRule Event Modes
  • iRule syntax
  • ASM iRule Commands

Lesson 19: AJAX and JSON Support

  • Defining Asynchronous JavaScript and XML
  • Defining JavaScript Object Notation
  • Configuring a JSON profile

Lesson 20: XML and web services

  • Defining XML
  • Defining Web Services
  • Configuring an XML profile
  • Schema and WSDL Configuration
  • XML Attack Signatures
  • Using Web Services Security

Lesson 21: Review and Final Lab Projects

  • Final Lab Project Option 1: Custom Rule for ASM-enabled local traffic policies
  • Final Lab Project Option 2: Production Scenario
  • Final Lab Project Option 3: JSON Parsing
  • Final Lab Project Option 4: XML & Web Services

Lesson 22: Additional Training and Certifications



Administering BIG-IP; basic familiarity with HTTP, HTML and XML; basic web application and security concepts.


Subject Matter Expert

For over 20 years TLG Learning has been trusted by premier companies and government agencies TLG Learning is an F5 Authorized Training Center and works especially closely with F5 Networks TLG Learning is located in the Greater Seattle Area near F5 headquarters.

Got questions? Contact us below or call 877-881-2235

Why Choose

  • Fast and easy courses completion
  • Get an education faster than at traditional colleges!
  • 100% online - No classroom attendance required.
  • Unlimited 24x7 online customer support
  • Over 500,000+ certified nationwide.