Formation F5 Configuring BIG-IP : Application Security Manager
Formation
À Levallois-Perret
Avez-vous besoin d'un coach de formation?
Il vous aidera à comparer différents cours et à trouver la solution la plus abordable.
Description
-
Typologie
Formation
-
Lieu
Levallois-perret
Cette formation enseigne aux administrateurs réseaux et sécurité les méthodes et outils d'Application Security Manager pour sécuriser leurs applications web. A l'issue de ce cours, les particiapnts sauront : - Définir et mettre en place une politique de sécurité des applications pour détecter et atténuer les attaques basées sur le protocole HTTP - Protéger les applications web des différentes catégories d'attaques, notamment les extractions de contenu de site (le « web scraping ») et les attaques DDoS au niveau de la couche 7.
Les sites et dates disponibles
Lieu
Date de début
Date de début
Les Avis
Les matières
- Manager
Le programme
Paramétrer le système BIG-IP
Introducing the BIG-IP System
Initially Setting Up the BIG-IP System
Creating an Archive of the BIG-IP System
Leveraging F5 Support Resources and Tools
Understanding Traffic Processing with LTM
Overview of Local Traffic Policies and ASM
Anatomy of a Web Application
An Overview of Common Security Methods
Examining HTTP & Web Application Components
Examining HTTP Headers
Examining HTTP Responses
Examining HTML Components
How ASM parses File Types, URLs, & Parameters
Using the Fiddler HTTP proxy tool
Examining the OWASP Top 10 vulnerabilities
Summary of risk mitigation using ASM
About Positive and Negative Security Models
Deployment Wizard: Local Traffic Deployment
Deployment Wizard: Configuration settings
Violations and Security Policy Building
Reviewing Violations
Defining Attack Signatures
Attack Signature Features
Defining Attack Signature Sets
About User-defined Attack Signatures
Updating Attack Signatures
Understanding Attack Signatures and staging
Defining Security Policy Components
Security Through Entity Learning
Reviewing Staging and Enforcement
Understanding the Selective mode
Learning Differentiation: Real threats vs. false positives
Purposes of ASM Cookies
Understanding Allowed and Enforced Cookies
Configuring security processing on HTTP headers
Reporting capabilities in ASM
Generating a PCI Compliance Report
Generating an ASM Security Events Report
Understanding User Roles & Partitions
Editing and Exporting Security Policies
Atelier pratique
Defining Parameters
Defining Static Parameters
Configuring Dynamic Parameters and Extractions
Application-Ready Template Overview
Utiliser Real Traffic Policy Builder Overview of the Real Traffic Policy Builder
Defining Policy Types
Real Traffic Policy Builder Rules
Integrating ASM with Application Vulnerability Scanners
Resolving Vulnerabilities
Using the generic XML scanner output
Defining Login Pages
Configuring Login Enforcement
Configuring session and user tracking
Defining Flows
Configuring Flow Control
Defining Anomaly Detection
Preventing Brute Force Attacks
Preventing Web Scraping
Geolocation Enforcement
Configuring IP Address Exceptions
Defining iRules and iRule Events
Using ASM iRule Event Modes
iRule Syntax
ASM iRule Commands
Defining Asynchronous JavaScript and XML
Defining JavaScript Object Notation (JSON)
Configuring a JSON Profile
Defining XML
Configuring an XML Profile
XML Attack Signatures
Avez-vous besoin d'un coach de formation?
Il vous aidera à comparer différents cours et à trouver la solution la plus abordable.
Formation F5 Configuring BIG-IP : Application Security Manager