
Explore practical web application firewall concepts for the F5 BIG-IP ASM/WAF Specialist course, using demonstrations on a Hack IT auction site with the filter3 daemon, Firefox, and a USB module.
Navigate the F5 303 exam preparation course flow, including lab setup and destination web server provisioning, then master security policy deployment, tuning, attack signatures, cookie headers, reporting, and bot protection.
Build and explore the F5 BIG-IP ASM/WAF lab using VMware ESXi or VMware Workstation, with free courses and a quick guide to provisioning the HACKET auction site.
Explore a lab topology for F5 BIG-IP ASM/WAF: configure a new virtual server and pool, route client traffic to an auction site, and manage devices over the 192.168.254.0/24 network.
Download the lab resources, unzip the zip file, and verify two directories: slides with presentation files and ASME files with sample XML vulnerabilities and scripts.
Navigate the deployment workflow to configure a security policy, balancing learning mode, enforcement mode, application language, and server technologies, with signature staging and a seven-day enforcement readiness period.
Enable the log profile under security tab policies to capture HTTP events, view event logs with headers and user agents, and filter by illegal requests and security policies.
Protect data from cryptographic failures by applying data guard to mask sensitive information in HTTP responses, including credit cards and social security numbers.
Demonstrates enabling and testing data guard on F5 BIG-IP ASM/WAF, showing how credit card data is masked, applying policy changes, and reviewing data guard violation logs.
Observe HTTP traffic after initial policy setup, progressively enforce rules, and tune the WAF to reduce false positives by distinguishing entity violations from item violations.
Discover how signature inspection buffers HTTP requests using URI content, value content (query strings, post body, cookies), header content, and the entire request, with normalization before the signature engine.
Explore attack signature structure in F5 BIG-IP ASM/WAF, combining multiple conditions across content, header, and URI buffers with no case and object only options to form precise signatures.
Create a user defined attack signature in the signature pool, build a hacker set for other application attacks on var system, attach it to a security policy, and verify violations.
Explore positive security policy building within the F5 BIG-IP ASM/WAF framework, offering a concise overview to aid exam preparation.
Apply a positive security model to HTTP transactions by constraining file types, URLs, and parameters and gradually allow only approved entities, including file extensions, methods, and input lengths.
Explain how ASM processes cookies, distinguishing allowed and enforced cookies. See how session cookies, encrypted and signed by ASM, are handled, and how tampering triggers the 'Modified domain cookie(s)' violation.
Demonstrates header tampering on the HTTP Referer header to trigger attack signatures in F5 BIG-IP ASM/WAF, enabling enforcement and showing blocked requests with event logs.
Get an overview of reporting and logging for the F5 BIG-IP ASM/WAF specialist course, aligned with exam preparation.
Shows how to produce PCI compliance reports for F5 BIG-IP, enable HTTPS on a new HTTPS vts, and map rapid deploy policies to achieve encrypted transmission of cardholder data.
Explore how logging profiles on a virtual server filter traffic, enable logging for illegal requests, and configure storage as local or remote using CSV, key-value, or common event format.
Create a rapid deploy log profile enabling application security to send local and remote logs to a syslog server via UDP 514. Observe audit events as you apply blocking policies.
Compare two security policies using policy diff to contrast file types, server technologies, and learning settings; learn how to merge configurations and apply policies in F5 BIG-IP ASM/WAF.
Export and compare compact and non-compact XML configurations, switch enforcement to transparent, set max HTTP header length to 5000, remove 503, and import the updated XML to replace policy B.
Create and apply a static parameter protection policy, learn and restrict parameter values, and observe blocking of illegal static parameter values like wire transfer, with logging.
Copy the static param security policy to a dynamic param policy, bind it to the virtual server, and enable extraction for the nick parameter to prevent illegal dynamic parameter values.
Welcome to F5 303 Exam Preparation. Passing the exam earns you the F5 Certified Technology Specialist, Application Security Manager (ASM) certification.
This course will help you pass the F5 303 ASM Specialist Exam v12.1 (2022), and it will also provide you with a solid foundation in Web Application Firewall technologies.
F5 Certified Technology Specialist, ASM! Enables skills in Web Application Security and Web Application Firewall (WAF).
This 12-hour course will help you understand the underlying technologies running in our web server farms and how to protect them from the OWASP Top 10 vulnerabilities.
This course is filled with configuration demonstrations. These will help you understand the concepts and how to configure F5 ASM/WAF.
I am proud to be one of the few instructors on Udemy who records themselves during the course delivery. Whether I am presenting, whiteboarding or doing a lab demonstration, you will always see me. I do this so that I will be more CONNECTED TO YOU.
The course includes setting up an F5 BIG-IP with ASM lab. This will definitely help you understand ASM and prepare to pass the exam.
Target Audience
F5-CA and F5 303 or F5-CTS, ASM Candidate
F5 ASM/Adv WAF Specialist
Web Application Security Specialist
Web App Penetration Testers
Expectations
Will not cover basic HTTP
Will not cover basic web vulnerabilities
Will not cover basic web attacks
The above are covered in a separate course: Python Security – Web Attacks