F5 ASM 303 Tech Guide PDF
References
(Ref:1) Stuttard, Dafydd and Pinto, Marcus. 2008. The Web Application Hacker’s
Handbook: Discovering and Exploiting Security Flaws. Wiley Publishing, Inc.
Indianapolis, IN 46256. ISBN 978-0-470-17077-9
Release notes: http://support.f5.com/kb/en-us/products/big-ip_asm/releasenotes/product/relnote-asm-11-4-0.html
Manual: http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-config-11-4-0.html
Objective 1.02 Explain how specific security policies mitigate various web
application attacks
http://www.f5.com/pdf/white-papers/vulnerability-assessment-asm-wp.pdf
http://www.f5.com/pdf/white-papers/big-ip-asm-ips-differences-wp.pdf
Instructor Led Training: Configuring ASM: Module 11: Vulnerability Assessment
Tools and Application Templates
Example: Explain how specific security policies mitigate various web application attacks
Instructor Led Training: Configuring ASM: Module 5: Rapid Deployment and Attack Signatures
Instructor Led Training: Configuring ASM: Module 6: Positive Security Policy Building
Instructor Led Training: Configuring ASM: Module 11: Vulnerability Assessment Tools and
Application Templates
https://devcentral.f5.com/blogs/us/why-developers-should-demand-web-app-firewalls
Objective 1.05 Determine the most appropriate deployment method for a given
set of requirements
Example: Determine the appropriate deployment method when a “canned” deployment
method is not applicable.
Example: Evaluate the implications of changes in the policy to the security and
vulnerabilities of the application
Instructor Led Training: Configuring ASM: Module 5: Rapid Deployment and Attack
Signatures
Instructor Led Training: Configuring ASM: Module 6: Positive Security Policy Building
http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-4-0.html
Objective 1.06 Evaluate the implications of changes in the policy to the security
and vulnerabilities of the application (Same as Example 2?)
Example: Determine the rate of change of the application
Example: Explain the trade-offs between security, manageability, false positives, and
performance
Instructor Led Training: Configuring ASM: Module 6: Positive Security Policy Building
Instructor Led Training: Configuring ASM: Module 5: Rapid Deployment and Attack
Signatures
Instructor Led Training: Configuring ASM: Module 6: Positive Security Policy Building
Instructor Led Training: Configuring ASM: Module 11: Vulnerability Assessment Tools
and Application Templates
http://www.f5.com/pdf/deployment-guides/implementing-security-policy-dg.pdf
http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/bigipasm9_4/BIG_IP_9_4_ASM_Config_Gd-07-1.html#wp1031040
Instructor Led Training: Configuring ASM: Module 12: Real Traffic Policy Builder
Objective 2.03 Review and evaluate rules based on information gathered from
ASM (e.g., attack signatures, DataGuard, parameters, entities)
http://www.f5.com/pdf/deployment-guides/implementing-security-policy-dg.pdf
http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-config-11-3-0/asm_parameters.html?sr=30303001
http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-config-11-3-0/asm_wildcard.html?sr=30303001
Instructor Led Training: Configuring ASM: Module 6: Positive Security Policy Building
Objective 2.04 Refine policy structure for policy elements (e.g., URLs,
parameters, files types, headers, sessions and logins, content profiles, CSRF
protection, anomaly protection)
Instructor Led Training: Configuring ASM: Module 6: Positive Security Policy Building
Instructor Led Training: Configuring ASM: Module 13: Advanced Topics
Objective 2.05 Explain the process to integrate and configure natively supported
third-party vendors and generic formats with ASM (e.g., difference between
scanning modes, iCAP)
Example: Upload scan results from a third-party vendor into the ASM GUI.
Instructor Led Training: Configuring ASM: Module 11: Vulnerability Assessment Tools
and Application Templates
sol12984: BIG-IP ASM does not send requests to ICAP servers that exceed the maximum request size: http://support.f5.com/kb/en-us/solutions/public/12000/900/sol12984
sol12128: The URI of an Internet Content Adaptation Protocol server for antivirus protection is hard-coded: http://support.f5.com/kb/en-us/solutions/public/12000/100/sol12128.html
Objective 2.06 Determine whether the rules are being implemented effectively
and appropriately to mitigate the violations
Example: Determine the appropriate violations to be enforced.
Instructor Led Training: Configuring ASM: Module 6: Positive Security Policy Building
http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-config-11-2-0/asm_monitoring.html#1046608
sol13238: The BIG-IP ASM bd process may crash when the remote logging profile server is unavailable: http://support.f5.com/kb/en-us/solutions/public/13000/200/sol13238.
sol6994: Configuring the BIG-IP ASM to send forensics data to a remote syslog server: http://support.f5.com/kb/en-us/solutions/public/6000/900/sol6994
sol10651: BIG-IP ASM syslog request format: http://support.f5.com/kb/en-us/solutions/public/10000/600/sol10651.html
sol14020: BIG-IP ASM daemons (11.x): http://support.f5.com/kb/en-us/solutions/public/14000/000/sol14020.html
http://www.thef5guy.com/blog/2009/05/big-ip-asm-4100-processes
Instructor Led Training: Configuring ASM: Module 4: ASM Configuration
http://www.thef5guy.com/blog/2009/05/big-ip-asm-4100-processes
https://devcentral.f5.com/tech-tips/articles/big-ip-logging-and-reporting-toolkit-part-one
sol14020: BIG-IP ASM daemons (11.x): http://support.f5.com/kb/en-us/solutions/public/14000/000/sol14020.html
http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-config-11-2-0/asm_apx_remote_logging_formats.html#1027259
Objective 3.02 Determine how a policy should be adjusted based upon available
data (e.g., learning suggestions, log data, application changes, traffic type, user
requirements)
Section 4
Objective 4.01 Describe the lifecycle of attack signatures
sol11303: Updated signatures are automatically removed from blocking mode and placed into staging mode: http://support.f5.com/kb/en-us/solutions/public/11000/300/sol11303.html
sol8517: Enabling attack signatures that were not triggered during the staging process: http://support.f5.com/kb/en-us/solutions/public/8000/500/sol8517.html
https://devcentral.f5.com/tech-tips/articles/asm-custom-signatures-oh-my#.UcsPGT5gau8
Objective 4.03 Identify key ASM performance metrics (e.g., CPU report, memory
report, process requests, logging)
sol12878: Generating BIG-IP diagnostic data using the qkview utility (10.x - 11.x): http://support.f5.com/kb/en-us/solutions/public/12000/800/sol12878.html
sol10227: BIG-IP ASM daemons (9.x - 10.x): http://support.f5.com/kb/en-us/solutions/public/10000/200/sol10227.html
Objective 4.05 Identify and gather information relevant to evaluating the activity
of an ASM implementation
Instructor Led Training: Configuring ASM: Module 6: Positive Security Policy Building
https://devcentral.f5.com/community/group/aft/2166089/asg/39#2274656
Example: Solve issues that are illustrated in the PCI compliance report
Example: Recognize the importance of trends and communicate to the necessary
stakeholders
Example: Explain risk management and the balance between availability and security
Instructor Led Training: Configuring ASM: Module 7: Application Visibility and Reporting
http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-3-0.pdf?sr=30303269
http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-config-11-4-0.html
Objective 4.09 Define the ASM policy management functions (e.g., auditing,
merging, reverting, import, and export)