Course Details

This four-day course covers how to mitigate and prevent attacks on web applications using Application Security Manager. The course covers installation, configuration, management, security policy building, traffic learning, and implementation of Application Security Manager in both stand-alone and modular configurations. This class includes lectures, labs, demonstrations, and discussions.

Course Prerequisites

Students should understand:

• Basic HTTP and HTML concepts
• Basic security concepts
• Common network terminology
• Web application terminology

In addition, students should be proficient in:

• Basic PC operation and application skills, including Linux and Windows OS
• Basic Web browser operation (Internet Explorer and Mozilla Firefox are used in class)

Course Goals

By course completion, the student will be able to implement and understand security policy configuration tasks and configure a security policy based on traffic learning and various security policy building techniques. Additionally, a student will be able to administer and manage Application Security Manager.

Course Agenda

Course topics include:

• Web application security concepts
• HTTP and HTML concepts
• Web application vulnerabilities
• Security policy deployment scenarios
• Rapid deployment
• Positive security policy deployment
• Manual traffic learning
• Attack signatures and staging
• Configuration backup
• Logging and Reporting
• User roles and administration
• Advanced parameter handling
• Application-ready templates
• Real Traffic Policy Builder
• Web application vulnerability scanner integration
• Login enforcement, session tracking & flows
• Anomaly detection
• Web scraping protection
• Layer 7 Denial of Service protection
• Geolocation enforcement
• ASM and iRules
• IP address exclusions
• XML and web services protection
• AJAX/JSON support
• L7 local traffic policy management