Entre Technology Services, LLC.



F5 Configuring BIG-IP ASM v11: Application Security Manager

Upcoming Dates

F5 Configuring BIG-IP ASM v11: Application Security Manager

Course Specifications

Course Length: 4 days
Format: Virtual Live, Hands-On, Instructor-Led
Rate: $3,995
Call 406-256-5700 or email entretraining@entremt.com for customized training or group pricing
Registration: Call 406-256-5700 or email entraining@entremt.com


This four-day course covers ways to manage web-based and XML application attacks and the use of Application Security Manager to defend against these attacks. The course covers installation, configuration, management, security policy building, traffic learning, and implementation of Application Security Manager in both stand-alone and modular configurations. This class includes lectures, labs, demonstrations, and discussions.

Audience Profile

This course is intended for security and network administrators who will be responsible for the installation and day-to-day maintenance of the Application Security Manager.

At Course Completion

After completing this course, students will learn:

  • How to setup the BIG-IP System
  • APM Traffic Processing with BIG-IP
  • Web Application Concepts
  • Web Application Vulnerabilities
  • Security Policy Deployment
  • Attack Signatures
  • Positive Security Policy Building
  • Cookies and other Headers
  • Reporting and Logging
  • User Roles, policy modification, and other deployments
  • Advanced Parameter Handling
  • Application–ready Template
  • Web Application Vulnerability Scanners
  • Login Enforcement, Session Tracking, and Flows
  • Anomaly Detection
  • ASM and iRules
  • AJAX and JSON Support
  • XML and web services


Administering BIG-IP; basic familiarity with HTTP, HTML and XML; basic web application and security concepts.

Course Outline

Lesson 1: Setting up the BIG-IP System

  • Introducing the BIG-IP System
  • Initially Setting Up the BIG-IP System
  • Configuring the Management Interface
  • Provisioning Modules and Resources
  • Importing a Device Certificate
  • Specifying BIG-IP Platform Properties
  • Configuring the Network
  • Configuring NTP Servers
  • Configuring DNS Settings
  • Configuring High Availability Options
  • Configuring a Standard Pair
  • Creating an Archive of the BIG-IP System
  • Leveraging F5 Support Resources and Tools

Lesson 2: Traffic Processing with BIG-IP

  • Understanding Traffic Processing with LTM
  • Understanding Network Packet Flow
  • Understanding Profiles and ASM
  • Overview of Local Traffic Policies and ASM

Lesson 3: Web Application Concepts

  • Anatomy of a web application
  • An Overview of Common Security Methods
  • Examining HTTP and Web Application Components
  • Examining HTTP Headers
  • Examining HTTP Responses
  • Examining HTML Components
  • How ASM Parses File Types, URLs, and Parameters
  • Using the Fiddler HTTP proxy tool

Lesson 4: Web Application Vulnerabilities

  • OWASP Top 10 (2013)

Lesson 5: Security Policy Deployment

  • About Positive and Negative Security Models
  • Deployment Wizard: Policy creation scenarios
  • Features of the Rapid Deployment template
  • Deployment Wizard: Local Traffic Deployment
  • Deployment Wizard: Configuration Settings
  • Enforcement Settings
  • Reviewing Requests
  • Violations and Security Policy Building
  • Reviewing Violations
  • Security Policy Blocking Settings
  • Configuring the Blocking Response Page
  • Configuring Data Guard

Lesson 6 : Policy Tuning and Violations

  • Post-Configuration Traffic Processing
  • Defining False Positives
  • How Violations are Categorized
  • Violation Ratings
  • Enforcement Settings and Staging: Policy Control
  • Defining Signature Staging
  • Defining Enforcement Readiness Period
  • Defining Learning
  • Violations and Learning Suggestions
  • Learning Mode: Automatic or Manual
  • Defining Learn, Alarm and Block settings
  • Interpreting Enforcement Readiness Summary
  • Configuring the Blocking Response Page

Lesson 7: Attack Signatures

  • Defining Attack Signatures
  • Creating User-Defined Attack Signatures
  • Attack Signature Normalization
  • Attack Signature Structure
  • Defining Attack Signature Sets
  • Defining Attack Signature Pools
  • Updating Attack Signatures
  • Understanding Attack Signatures and Staging

Lesson 8: Positive Security Policy Building

  • Defining Security Policy Components
  • Choosing an Explicit Entities Learning Scheme
  • How to learn: Add All Entities
  • Staging and Entities: The Entity Lifecycle
  • How to Learn: Never (Wildcard Only)
  • How to Learn: Selective
  • Learning Differentiation: Real Threats vs. False positives

Lesson 9: Cookies and other Headers

  • Purpose of ASM Cookies
  • Understanding Allowed and Enforced Cookies
  • Configuring security processing on HTTP headers

Lesson 10: Reporting and Logging

  • Reporting Capabilities in ASM
  • Viewing DoS Reports
  • Generating an ASM Security Events Report
  • Viewing Log files and Local Facilities
  • Understanding Logging Profile

Lesson 11: User Roles and Policy Modification

  • Understanding User Roles and Partitions
  • Comparing Policies
  • Editing and Exporting Security Policies
  • Examples of ASM Deployment Types
  • Overview of ASM Synchronization
  • Collecting diagnostic data with asmqkview

Lesson 12: Lab Project 1

Lesson 13: Advanced Parameter Handling

  • Defining Parameters
  • Defining Static Parameters
  • Understanding Dynamic Parameters and Extractions
  • Defining Parameter Levels
  • Understanding Attack Signatures and Parameters

Lesson 13: Application–ready Templates

  • Application-Ready Template Overview

Lesson 14 : Application-Ready Templates

  • Application Template Overview

Lesson 15 : Automatic Policy Building

  • Overview of Automatic Policy Building
  • Choosing a Policy Type
  • Defining Policy Building Process Rules
  • Defining the Learning Score

Lesson 16: Web Application Vulnerability Scanners

  • Integrating ASM with Application Vulnerability Scanners
  • Importing Vulnerabilities
  • Resolving Vulnerabilities
  • Using the generic XML scanner output

Lesson 17: Login Enforcement & Session Tracking

  • Defining Login Pages
  • Defining Session Awareness and User Tracking

Lesson 18 : Brute force and Web Scraping Mitigation

  • Defining Anomalies
  • Mitigating Brute Force Attacks
  • Defining Session-Based Brute Force Protection
  • Defining Dynamic Brute Force Protection
  • Defining the Prevention Policy
  • Mitigating Web Scraping
  • Defining Geolocation Enforcement
  • Configuring IP Address Exceptions

Lesson 19 : Layer 7 DoS Mitigation

  • Defining Denial of Service Attacks
  • Defining General Settings L7 DoS Profile
  • Defining TPS-Based DoS Protection
  • Defining Operation Mode
  • Defining Mitigation Methods
  • Defining Stress-Based Detection
  • Defining Proactive Bot Defense
  • Using Bot Signatures

Lesson 20: ASM and iRules

  • Defining iRules and iRule events
  • Using ASM iRule Event Modes
  • iRule syntax
  • ASM iRule Commands

Lesson 21: XML and web services

  • Defining XML
  • Defining Web Services
  • Configuring an XML profile
  • Schema and WSDL Configuration
  • XML Attack Signatures
  • Using Web Services Security

Lesson 22 : Web 2.0 Support: JSON Profiles

  • Defining Asynchronous JavaScript and XML
  • Defining JavaScript Object Notation
  • Configuring a JSON Profile

Lesson 23: Review and Final Lab Projects

Lesson 24: Additional Training and Certifications