Detailed Course Outline
Intro
- Overview of how F5XC WAAP protects web apps in any cloud, edge, or on-premises environment
- Defining the core features: WAF, bot defense, DDoS protection, and securing APIs
Module 1: Introduction to Distributed Cloud WAAP and WAF Deployment
- Exploring the security flow through application proxy
- Lab: Deploy Juice Shop (target application) on an HTTP load balancer and configure API endpoint discovery
  - Create load balancer and connect origin pool to expose Juice Shop application
  - Enable API discovery (so that we can discuss API protection and have ready examples)
  - Run some traffic and review request log
Module 2: Setting the Stage: Analyzing Web Applications and HTTP
- Overview of web application communication elements
- Overview of HTTP message structure (headers and methods)
- Parsing HTTP requests
- Lab: Exploring the target application
Module 3: Exploiting Web Application Vulnerabilities
- A taxonomy of attacks: the threat landscape
- Common exploits against web applications (OWASP Top 10, OWASP API)
- Lab: Exploiting web application vulnerabilities
  - SQL injection
  - Cross-site scripting
  - Poison byte
  - Forceful browsing
Module 4: Mitigating Threats with Web Application Firewall Policies
- Defining web application firewall processing at layer 7
- Applying different protections to a load balancer
- Defining violations and false positives
- Reviewing RFC 2616 as it drives protocol compliance
- Differentiating positive and negative security
- Differentiating blocking and monitoring actions
- Reviewing security event logging
- Defining Threat Campaigns
- Defining Attack Signatures
- Lab: Create App Firewall, enable blocking mode, attach to load balancer
- Lab: Launch XSS attack and observe security processing in the log
- Lab: Launch SQL injection attack and observe security processing in the log
- Lab: Launch poison null byte attack and observe security processing in the log
Module 5: Manage Security Events with Exclusion Rules
- Defining exclusion rules
- Analyzing elements and contexts of exclusion rules
- Lab: Create an Exclusion Rule for Two Attack Signature IDs
Module 6: Mitigating Threats with Service Policies
- Differentiating protections at namespace vs. load balancer levels
- Exploring service policy rules, policies, and policy sets
- Handling traffic flow
- Enforcing layer 7 elements of HTTP processing
- Lab: Practicing service policy protections for geolocation enforcement, file types enforcement, method and path enforcement, and IP address enforcement
Module 7: Bot Defense
- Classifying and categorizing bots (good/suspicious/malicious)
- Reviewing bot signatures
- Configuring bot defense on the XC load balancer
- Lab: Mitigating an attack from an automated agent (Python scripts for bad traffic and credential stuffing/brute force)
Module 8: Mitigate Threats using Machine Learning and Artificial Intelligence
- Defining Malicious User Detection
- TLS fingerprinting
- JavaScript challenges/client side defense
- Lab: Deploying Machine Learning
Module 9: Protecting Your Public APIs
- Defining an API
- Defining API specifications
- Defining a RESTful API
- Recognizing API endpoints
- Defining Shadow APIs
- Defining OpenAPI 3.0 and the Swagger specification
- Analyzing API routing in F5XC
- Analyzing API protection in F5XC
- App firewall (OWASP vulnerabilities)
- CAPTCHA/JS challenges
- Network firewall
- API usage characterizations
- User anomaly detection
- API rate limiting (threshold configuration)
- API Learning
- Endpoint learning
- Schema learning
- Behavioral firewall/business logic markup
- Lab: Machine Learning Lab
  - Review discovered APIs
  - Configure malicious users mitigation
  - Configure user identification
  - Configure load balancer
  - Test XSS (without WAF policy)
Module 10: API Automation using Postman
- Introduction to Postman
- Defining environments
- Defining collections
- Reviewing variables
- Lab: Use a Postman collection to create a WAF policy for a namespace
- Lab: Use a Postman collection to create service policies for a shared namespace