
Explore why traditional firewalls fail to protect web applications and how a web application firewall inspects traffic at layer 7 to enforce security policies, block breaches, and safeguard web servers.
Explore the core web application concepts, including the three main components (web server, application server, and database server) and how the browser enables client-server interaction through HTTP methods.
Discover forceful browsing, an attack that edits the URL to access pages and files not intended for public view. It can expose configurations, backups, and sensitive user information.
Guard against security misconfiguration by hardening default configurations and removing default credentials. Use development and production credentials, close unnecessary ports, avoid error messages, and patch promptly with vulnerability scans.
Create and deploy a rapid deployment template security policy for ASM/WAF, associate it with a virtual server, and review logging to understand traffic and test policy behavior.
Understand how data guard masks sensitive data, such as credit cards and social security numbers, using built-in and custom patterns. Toggle between transparent and blocking modes to prevent leaks.
Define and implement a positive security model for file type handling by creating a security policy, configuring manual learning, and applying learning schemes like wildcard, selective, compact, and always.
Explore layered policies by building parent and child security policies, inheriting settings, and choosing inheritance modes: mandatory, optional, or none, to control data protection across applications.
Enable session tracking with session awareness to assign a per-session ID and monitor user activity. Configure thresholds to log requests (all or illegal) and block after two violations within five minutes.
Learn to deploy a lab in VMware workstation by installing VMware, registering for a free portal, downloading the virtual edition, and activating a 30-day trial license.
I believe my step-by-step training, along with the detailed explanation and the hands-on practical demonstration in the lab, will help you to understand and gain extensive knowledge about F5 ASM / WAF in detail and will give you the confidence to design, deploy, manage and troubleshoot any issues in F5 infrastructure on your own.
According to the recent survey, 49 out of 50 Fortune companies are using the BIG-IP product. As an Application Delivery Controller, this device keeps the application available at any time, secure, and fast. In a reverse proxy setup, it provides secure communication between the end user and the backend servers.
In this course, we will explore together the most common attacks against web applications, referred to as the OWASP Top 10, and learn how to exploit these vulnerabilities so that you have a solid background in order to protect your assets. You will:
- Discover OWASP Top attacks and how they are performed and the tricks and techniques related to them.
- Learn to get information about a target domain and search for potential victims.
I will teach you the 10 most common threats identified by the Open Web Application Security Project (OWASP). At the end of the course you will learn:
1) what the OWASP Top 10 threats are,
2) the impact per security threat for your business,
3) how these security threats can be executed by attackers / pentesters / hackers,
4) how these security threats can be mitigated.
You will be able to understand the above-mentioned points without having to understand code.
You will learn about the Web Application Firewall, commonly referred to as WAF / Application Security Manager (ASM), which is used to mitigate web application hacking attacks and vulnerabilities.
If you like the course, please give a rating and recommend it to your friends.
DISCLAIMER: We are NOT the official training partner of F5 Inc.