Formation F5 Configuring BIG-IP : Application Security Manager

Paramétrer le système BIG-IP

Introducing the BIG-IP System
Initially Setting Up the BIG-IP System
Creating an Archive of the BIG-IP System
Leveraging F5 Support Resources and Tools

Utiliser Local Traffic Manager (LTM) pour gérer le trafic

Understanding Traffic Processing with LTM
Overview of Local Traffic Policies and ASM

Découvrir les concepts liés aux applications Web

Anatomy of a Web Application
An Overview of Common Security Methods
Examining HTTP & Web Application Components
Examining HTTP Headers
Examining HTTP Responses
Examining HTML Components
How ASM parses File Types, URLs, & Parameters
Using the Fiddler HTTP proxy tool

Détecter les vulnérabilités des applications Web

Examining the OWASP Top 10 vulnerabilities
Summary of risk mitigation using ASM

Déployer des politiques de sécurité

About Positive and Negative Security Models
Deployment Wizard: Local Traffic Deployment
Deployment Wizard: Configuration settings
Violations and Security Policy Building
Reviewing Violations

Identifier les signatures des attaques

Defining Attack Signatures
Attack Signature Features
Defining Attack Signature Sets
About User-defined Attack Signatures
Updating Attack Signatures
Understanding Attack Signatures and staging

Mettre en place une sécurité positive

Defining Security Policy Components
Security Through Entity Learning
Reviewing Staging and Enforcement
Understanding the Selective mode
Learning Differentiation: Real threats vs. false positives

Comprendre les en-têtes et les cookies

Purposes of ASM Cookies
Understanding Allowed and Enforced Cookies
Configuring security processing on HTTP headers

Créer des rapports

Reporting capabilities in ASM
Generating a PCI Compliance Report
Generating an ASM Security Events Report

Comprendre les rôles utilisateur et administrer la sécurité

Understanding User Roles & Partitions
Editing and Exporting Security Policies
Atelier pratique

Approfondir l'utilisation des paramètres

Defining Parameters
Defining Static Parameters
Configuring Dynamic Parameters and Extractions

Découvrir les modèles d’application

Application-Ready Template Overview

Utiliser Real Traffic Policy Builder

Overview of the Real Traffic Policy Builder
Defining Policy Types
Real Traffic Policy Builder Rules

Utiliser les analyseurs de vulnérabilités

Integrating ASM with Application Vulnerability Scanners
Resolving Vulnerabilities
Using the generic XML scanner output

Mettre en place une saisie obligatoire des informations de connexion et suivre les sessions

Defining Login Pages
Configuring Login Enforcement
Configuring session and user tracking
Defining Flows
Configuring Flow Control

Apprendre à détecter les anomalies

Defining Anomaly Detection
Preventing Brute Force Attacks
Preventing Web Scraping
Geolocation Enforcement
Configuring IP Address Exceptions

Utliser les outils ASM et iRules

Defining iRules and iRule Events
Using ASM iRule Event Modes
iRule Syntax
ASM iRule Commands

Prendre en charge les formats AJAX et JSON

Defining Asynchronous JavaScript and XML
Defining JavaScript Object Notation (JSON)
Configuring a JSON Profile

Prendre en charge les format XML et des services Web

Defining XML
Configuring an XML Profile
XML Attack Signatures