F5-ASM/WAF Course Overview

To ensure that participants are well-prepared to successfully undertake the F5-ASM/WAF course and gain the maximum benefit from the training, the following prerequisites are recommended:

• Basic understanding of networking concepts, including the OSI model, IP addressing, and simple network protocols such as HTTP.
• Familiarity with web application architecture and common web application technologies.
• Knowledge of fundamental security concepts, such as firewalls, intrusion detection/prevention systems, and the importance of application security.
• Awareness of common web application vulnerabilities and threats, as well as the purpose and principles of a web application firewall (WAF).
• Some experience with system administration tasks on Windows or Linux operating systems is helpful but not mandatory.
• No prior experience with F5 technologies is required, but any exposure to BIG-IP or similar network or application delivery products would be beneficial.

These prerequisites are intended to provide a foundation that will help you grasp the course material more effectively. The course is designed to be accessible to those new to F5 solutions, with the lessons building upon your existing knowledge to help you understand and manage the F5 ASM/WAF effectively.

Target Audience for F5-ASM/WAF

The F5-ASM/WAF course is designed for IT professionals focusing on web application security and traffic management.

• Network Security Engineers
• System Administrators managing web application infrastructures
• Security Architects designing secure network environments
• Application Developers seeking to understand security deployment
• IT Security Consultants providing advice on application security
• Network Administrators responsible for F5 BIG-IP ASM/WAF devices
• Cybersecurity Analysts analyzing and securing web applications
• IT Professionals preparing for F5 certification exams
• DevOps Engineers integrating security into continuous deployment
• Webmasters responsible for maintaining the security of websites
• Compliance Officers ensuring adherence to web application security standards
• Technical Support Engineers supporting F5 security products
• Cloud Security Specialists working with cloud-based web applications

Learning Objectives - What you will Learn in this F5-ASM/WAF?

1. Introduction to the Course's Learning Outcomes: The F5-ASM/WAF course equips students with the skills to configure, manage, and optimize F5 Advanced Security Manager (ASM) to secure applications from threats and vulnerabilities.

2. Learning Objectives and Outcomes:

• Understand the flow of application traffic through F5 BIG-IP and the fundamentals of web application security.
• Perform the initial setup of the F5 BIG-IP system and configure core elements for traffic processing.
• Interpret and modify HTTP headers and learn about the OWASP Top 10 security risks.
• Develop and maintain a robust security model using F5 ASM to protect web applications.
• Deploy and tune initial security policies on ASM to improve defense against web attacks.
• Analyze and manage attack signatures to effectively mitigate threats.
• Construct positive security policies and secure cookies to enhance application security.
• Utilize reporting and logging functionalities on ASM for monitoring and compliance.
• Integrate ASM with vulnerability scanners for improved security posture and automated policy enhancements.
• Implement protections against brute force attacks, web scraping, DoS attacks, and manage session tracking effectively.

These objectives are designed to provide a comprehensive understanding and hands-on experience in utilizing F5 ASM/WAF for securing web applications against a wide range of security threats.