Course Overview
Tentatively named "Protecting Web Applications and APIs with F5 Distributed Cloud WAAP" this is a security course covering all major web application firewall, bot defense, DoS protection, and API discovery/protection components offered through the XC WAAP console with the exception of SOC- based DoS protection. The course explores the header and method elements of HTTP which must be recognized to configure protection from external client vectors. Students will exploit vulnerabilities in the target application in before-and-after learning scenarios. Major topics are web application firewall policies, attack signatures, threat campaigns, and differentiation between positive and negative security. We will address handling violations, false positives, and how to manage security events with exclusion rules. The course then takes a deep dive into controlling HTTP request flows at layer 7 with service policies. We will configure bot defense and threat mitigation using machine learning and artificial intelligence. Additional topics include discovery of public API endpoints and securing those endpoints. The course wraps up with API automation using Postman environments, collections, and variables.
Who should attend
The course is designed for DevOps, SecOps, NetOps, and application developers who have foundational knowledge of F5 Distributed Cloud services.
Prerequisites
Administering Applications in F5 Distributed Cloud Services
Course Objectives
By the end of this course, you will be able to:
- Deploy and manage F5XC WAAP to mitigate the OWASP Top 10 - via WAF Policy and via Service Policy
- Deploy F5XC WAAP to mitigate bot traffic
- Deploy F5XC WAAP to mitigate DDoS attacks at layers 3, 4, and 7
- Use F5XC WAAP to automatically discover and secure APIs
Course Content
- Module 1: Introduction to Distributed Cloud WAAP and WAF Deployment
- Module 2: Setting the Stage: Analyzing Web Applications and HTTP
- Module 3: Exploiting Web Application Vulnerabilities
- Module 4: Mitigating Threats with Web Application Firewall Policies
- Module 5: Manage Security Events with Exclusion Rules
- Module 6: Mitigating Threats with Service Policies
- Module 7: Bot Defense
- Module 8: Mitigate Threats using Machine Learning and Artificial Intelligence
- Module 9: Protecting Your Public APIs
- Module 10: API Automation using Postman