F5 BIG-IP Application Security Manager (ASM) v11x

COURSE OUTLINE:

Description

In this course, you will learn how to manage web-based and XML application attacks and how to use Application Security Manager to defend against these attacks.

You will cover installation, configuration, management, security policy building, traffic learning, and implementation of Application Security Manager in both stand-alone and modular configurations.

Audience

Those who need to learn to use Application Security Manager to defend against attacks.

Prerequisites

Understanding of:

Basic HTTP and HTML concepts
Basic security concepts
Common network terminology
Web application terminology

Proficiency in:

Basic PC operation and application skills, including operating a CD drive, keyboard, mouse, and Windows OS
Basic web browser operation (Internet Explorer)

Learning Objectives

HTTP and HTML concepts
Common HTTP vulnerabilities
HTTP classes
Security policy building
Wildcard entities
Traffic learning
Parameter configuration and protection
Security policy templates
Web services protection
Protocol Security Manager configuration
Logging profiles
Install and understand web application configuration
Configure a security policy based on live traffic
Rapid deployment techniques
Monitor and administer Application Security Manager

1. Installation and Initial Access

BIG-IP
Licensing and the Setup Utility
Provisioning

2. Web Application Concepts

Web Application Basics
Web Page Components
HTTP Concepts
HTTP Request Components
HTTP Headers

3. Web Application Vulnerabilities

Risk Mitigation and ASM

4. ASM Application Configuration

Configuration Components
HTTP Class
Virtual Servers
SSL Termination/Initiation
HTTP Request Flow

5. Security Policy

Security Policy Properties
Policy Enforcer
Security Policy Configuration
Security Policy Components

6. Security Policy Building Tool

Deployment Wizard
Rapid Deployment Concepts

7. Application-Ready Security Policy

8. Reporting

9. Administering ASM

User Management
Human Readable Policy
Synching Configurations
ASM qkview
Upgrading to v10

10. Configuration Lab Project 1

11. Traffic Learning

Learning Concepts
Violations

12. Parameters

Parameter Types
Parameter Levels

13. Security Policy Builder

14. Advanced Topics

ASM iRules
Flow Login Pages
Anomaly Detections

15. XML and Web Services

XML Concepts
Web Services Protection

16. Protocol Security Manager

FTP Protection
SMTP Protection
HTTP Protection
Protocol Security Manager Statistics
Configuring Protocol Security Manager

17. Configuration Lab Project 2

Review Questions

RELATED COURSES

Courses
Cyber Security

Certified Information Privacy Manager (CIPM) Prep Course

In this course, you will gain foundational knowledge on concepts of privacy and data protection laws and practice. You will learn common principles and approaches to privacy as well as understand the major privacy models employed around the globe. An introduction to information security concepts and information security management and governance will be covered including frameworks, controls, and identity and access management. You will also learn about online privacy as it relates to using personal information on websites and other internet-related technologies.

You will learn how to create a privacy program at an organizational level, develop and implement a framework, and establish metrics to measure program effectiveness. In an interactive format applying practices to a real-world scenario, you will review privacy program practices through the privacy life cycle: assess, protect, sustain and respond.

This two-day program covering practices in managing information privacy includes:

Official IAPP CIPM participant guide
Official IAPP CIPM textbook
Official IAPP CIPM practice test
IAPP CIPM certification exam
IAPP membership for one year

Note: Your contact information must be provided to the IAPP and will be used by IAPP for membership services fulfillment in accordance with IAPP’s policies.

Courses
Cyber Security

Certified Information Privacy Professional US Government (CIPP/G) Prep Course

You will gain an introduction to US government privacy definitions and principals as well as a discussion around privacy and in the intelligence community. You will learn how to adequately protect government information, leadership responsibilities, information security, and compliance monitoring and workforce management.

This two-day program covering the principals of information privacy in the US government includes:

Official IAPP CIPP participant guide
Official IAPP CIPP textbook
Official IAPP CIPP practice test
IAPP CIPP/G certification exam voucher
IAPP membership for one year

Note: Your contact information must be provided to the IAPP and will be used by IAPP for membership services fulfillment in accordance with IAPP’s policies.

Courses
Cyber Security

Advanced Junos Security

In this course, you will go deeper into Junos security with advanced coverage of IPsec deployments, virtualization, high availability, advanced Network Address Translation (NAT) deployments, and Layer 2 security with Juniper Networks SRX Series Services Gateways. Through demonstrations and hands-on labs, you will gain experience configuring and monitoring advanced security features of the Junos operating system.

Certification:

JNCIP-SEC

Courses
Cyber Security

CISSP-ISSAP Certification Prep Course

This course is designed for those who hold their CISSP certification and would like to specialize in advanced expertise in information security architecture I for designing security solutions and providing management with risk-based guidance to meet organizational needs.

Gain the skills needed to develop a business continuity plan (BCP) and disaster recovery plan (DRP) for an organization through an understanding of identifying adverse events that could potentially threaten an organization’s ability to thrive.

This course is your one source for exam preparation that includes:

Official (ISC)² CISSP-ISSAP Training Handbook
Official (ISC)² CISSP-ISSAP Flash Cards
CISSP-ISSAP Certification Exam Voucher