Need help? Call Customer Support | 800-301-3894

Configuring BIG-IP ASM : Application Security Manager V12.1

Course Details

The BIG-IP Application Security Manager course gives participants a functional understanding of how to deploy, tune, and operate BIG-IP Application Security Manager (ASM) to protect their web applications from HTTP-based attacks.

The course includes lecture, hands-on labs, and discussion about different ASM components for detecting and mitigating threats from multiple attack vectors such web scraping, Layer 7 Denial of Service, brute force, bots, code injection, and zero day.

Course Prerequisites

There are no required F5 technology-specific prerequisites for this course.

However, completing one the following before attending would be very helpful for students unfamiliar with BIG-IP:

  •  Administering BIG-IP instructor-led course
  • F5 Certified BIG-IP Administrator

The following web-based courses, although optional, will be very helpful for any student with limited BIG-IP administration and configuration experience:
  • Getting Started with BIG-IP web-based training
  • Getting Started with BIG-IP Local Traffic Manager (LTM) web-based training
  • Getting Started with BIG-IP Application Security Manager (ASM) web-based training

The following general network technology knowledge and experience are recommended before attending any F5 Global Training Services instructor-led course:

  • Web application delivery concepts
  • HTTP and HTTPS protocols
  • General awareness of web application vulnerabilities such as those defined in the OWASP Top Ten


Course Goals

By course completion, the student will be able to implement and understand security policy configuration tasks and configure a security policy based on traffic learning and various security policy building techniques. Additionally, a student will be able to administer and manage Application Security Manager.

Course Agenda

  • Setting Up the BIG-IP System
  • Traffic Processing with BIG-IP
  • Web Application Concepts
  • Web Application Vulnerabilities
  • Security Policy Deployment
  • Policy Tuning and Violations
  • Attack Signatures
  • Positive Security Policy Building
  • Cookies and Other Headers
  • Reporting and Logging
  • User Roles and Policy Modification
  • Lab Project
  • Advanced Parameter Handling
  • Application-Ready Templates
  • Automatic Policy Building
  • Web Application Vulnerability Scanners
  • Login Enforcement & Session Tracking
  • Brute force and Web Scraping Mitigation
  • Layer 7 DoS Mitigation
  • ASM and iRules
  • XML and Web Services
  • Web 2.0 Support: JSON Profiles
  • Review and Final Labs
  • Additional Training and Certification
  • Final Lab Project: Production Scenario Hints
  • Rapid Deployment Methodology
  • L1 and L2 Support Checklist



Please call 312-726-2473 for more information.