Securing Applications and APIs with F5 Distributed Cloud Services (XC-WAAP)

 

Course Overview

Tentatively named "Protecting Web Applications and APIs with F5 Distributed Cloud WAAP" this is a security course covering all major web application firewall, bot defense, DoS protection, and API discovery/protection components offered through the XC WAAP console with the exception of SOC- based DoS protection. The course explores the header and method elements of HTTP which must be recognized to configure protection from external client vectors. Students will exploit vulnerabilities in the target application in before-and-after learning scenarios. Major topics are web application firewall policies, attack signatures, threat campaigns, and differentiation between positive and negative security. We will address handling violations, false positives, and how to manage security events with exclusion rules. The course then takes a deep dive into controlling HTTP request flows at layer 7 with service policies. We will configure bot defense and threat mitigation using machine learning and artificial intelligence. Additional topics include discovery of public API endpoints and securing those endpoints. The course wraps up with API automation using Postman environments, collections, and variables.

Who should attend

The course is designed for DevOps, SecOps, NetOps, and application developers who have foundational knowledge of F5 Distributed Cloud services.

Prerequisites

Administering Applications in F5 Distributed Cloud Services

Course Objectives

By the end of this course, you will be able to:

  • Deploy and manage F5XC WAAP to mitigate the OWASP Top 10 - via WAF Policy and via Service Policy
  • Deploy F5XC WAAP to mitigate bot traffic
  • Deploy F5XC WAAP to mitigate DDoS attacks at layers 3, 4, and 7
  • Use F5XC WAAP to automatically discover and secure APIs

Course Content

  • Module 1: Introduction to Distributed Cloud WAAP and WAF Deployment
  • Module 2: Setting the Stage: Analyzing Web Applications and HTTP
  • Module 3: Exploiting Web Application Vulnerabilities
  • Module 4: Mitigating Threats with Web Application Firewall Policies
  • Module 5: Manage Security Events with Exclusion Rules
  • Module 6: Mitigating Threats with Service Policies
  • Module 7: Bot Defense
  • Module 8: Mitigate Threats using Machine Learning and Artificial Intelligence
  • Module 9: Protecting Your Public APIs
  • Module 10: API Automation using Postman

Preise & Trainingsmethoden

Online Training

Dauer
3 Tage

Preis
  • auf Anfrage
Klassenraum-Training

Dauer
3 Tage

Preis
  • auf Anfrage
 

Kurstermine

Instructor-led Online Training:   Kursdurchführung online im virtuellen Klassenraum.

Englisch

Zeitzone: Mitteleuropäische Zeit (MEZ)

Online Training Zeitzone: Mitteleuropäische Zeit (MEZ) Kurssprache: Englisch