F5 Certified! 303 ASM Technology Specialist CERTIFICATION


F5 Certified! 303 ASM Technology Specialist
CERTIFICATION RESOURCE GUIDE

Purpose of this Document
This document outlines the topic areas covered on the F5 ASM Specialist Certification Exam and the resources available to help test takers prepare.

References
(Ref:1) Stuttard, Dafydd and Pinto, Marcus. 2008. The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws. Wiley Publishing, Inc., Indianapolis, IN 46256. ISBN 978-0-470-17077-9
Release notes: http://support.f5.com/kb/en-us/products/bigip
Manual: http://support.f5.com/kb/en-us/products/bigip asm/manuals/product/asm-config-11-4-0.html

Join the F5 Certified! Community on LinkedIn for more community-created study guides.
2014 F5 Networks, Inc.

ASM 303 Study Guide

Section 1: Assess security needs and choose an appropriate ASM policy

Objective 1.01 Explain the potential effects of common attacks on web applications.
Example: Summarize the OWASP Top Ten
Example: Describe how ASM addresses the OWASP Top Ten
https://www.owasp.org/index.php/Category:OWASP Top Ten
s/f5-security-on-owasp-top-10
Instructor Led Training: Configuring ASM: Module 3: Web Application Vulnerabilities

Objective 1.02 Explain how specific security policies mitigate various web application attacks

Objective 1.03 Determine which ASM mitigation is appropriate for a particular vulnerability
Example: Explain the purpose of vulnerability assessment
Instructor Led Training: Configuring ASM: Module 11: Vulnerability Assessment Tools and Application Templates

Objective 1.04 Choose the appropriate features and granularity
Example: Describe the relationship between security policy and application development
Example: Explain how specific security policies mitigate various web application attacks
Instructor Led Training: Configuring ASM: Module 5: Rapid Deployment and Attack Signatures
Instructor Led Training: Configuring ASM: Module 6: Positive Security Policy Building
Instructor Led Training: Configuring ASM: Module 11: Vulnerability Assessment Tools and Application Templates
velopers-should-demand-web-app-firewalls

Objective 1.05 Determine the most appropriate deployment method for a given set of requirements
Example: Determine the appropriate deployment method when a "canned" deployment method is not applicable.
Example: Evaluate the implications of changes in the policy to the security and vulnerabilities of the application
Instructor Led Training: Configuring ASM: Module 5: Rapid Deployment and Attack Signatures
Instructor Led Training: Configuring ASM: Module 6: Positive Security Policy Building
g-ip

Objective 1.06 Evaluate the implications of changes in the policy to the security and vulnerabilities of the application (Same as Example 2?)
Example: Determine the rate of change of the application
Example: Explain the trade-offs between security, manageability, false positives, and performance
Instructor Led Training: Configuring ASM: Module 6: Positive Security Policy Building

Section 2: Create and customize policies.

Objective 2.01 Determine the appropriate criteria for initial policy definition based on application requirements (e.g., wildcards, violations, entities, signatures, user-defined signatures)
Example: Define the policy based on application requirements
Instructor Led Training: Configuring ASM: Module 5: Rapid Deployment and Attack Signatures
Instructor Led Training: Configuring ASM: Module 6: Positive Security Policy Building
Instructor Led Training: Configuring ASM: Module 11: Vulnerability Assessment Tools and Application Templates

Objective 2.02 Explain the policy builder lifecycle

m/kb/en-us/products/bigip asm/manuals/product/bigipasm9 4/BIG IP 9 4 ASM Config Gd-071.html#wp1031040
Instructor Led Training: Configuring ASM: Module 12: Real Traffic Policy Builder

Objective 2.03 Review and evaluate rules based on information gathered from ASM (e.g., attack signatures, DataGuard, parameters,
5.com/kb/en-us/products/big-ip asm/manuals/product/asm-config-11-30/asm parameters.html?sr
g-ip asm/manuals/product/asm-config-11-30/asm wildcard.html?sr 30303001
Instructor Led Training: Configuring ASM: Module 6: Positive Security Policy Building

Objective 2.04 Refine policy structure for policy elements (e.g., URLs, parameters, file types, headers, sessions and logins, content profiles, CSRF protection, anomaly protection)
Instructor Led Training: Configuring ASM: Module 6: Positive Security Policy Building
Instructor Led Training: Configuring ASM: Module 13: Advanced Topics

Objective 2.05 Explain the process to integrate and configure natively supported third-party vendors and generic formats with ASM (e.g., difference between scanning modes, ICAP)
Example: Upload scan results from a third-party vendor into the ASM GUI.
Instructor Led Training: Configuring ASM: Module 11: Vulnerability Assessment Tools and Application Templates
sol12984: BIG-IP ASM does not send requests to ICAP servers that exceed the maximum request size: 00/900/sol12984

sol12128: The URI of an Internet Content Adaptation Protocol server for antivirus protection is hard-coded: 00/100/sol12128.html

Objective 2.06 Determine whether the rules are being implemented effectively and appropriately to mitigate the violations
Example: Determine the appropriate violations to be enforced.
Instructor Led Training: Configuring ASM: Module 6: Positive Security Policy Building

Objective 2.07 Explain reporting and remote logging capabilities
Example: Determine whether the remote logger is accessible
Example: Determine the level of logging (i.e., all logs, illegal requests, or
big-ip asm/manuals/product/asm-config-11-20/asm monitoring.html#1046608
sol13238: The BIG-IP ASM bd process may crash when the remote logging profile server is unavailable: 00/200/sol13238
sol6994: Configuring the BIG-IP ASM to send forensics data to a remote syslog server: 00/900/sol6994
sol10651: BIG-IP ASM syslog request format: 00/600/sol10651.html
sol14020: BIG-IP ASM daemons (11.x): 009/05/big-ip-asm-4100-processes
Instructor Led Training: Configuring ASM: Module 4: ASM Configuration

Section 3: Maintain policy

Objective 3.01 Interpret log entries to identify opportunities to refine the policy
Example: Describe the various logs and formats
Example: Identify the current state of the policy (e.g., violation status, blocking mode)

art-one
sol14020: BIG-IP ASM daemons (11.x): /products/big-ip asm/manuals/product/asm-config-11-20/asm apx remote logging formats.html#1027259

Objective 3.02 Determine how a policy should be adjusted based upon available data (e.g., learning suggestions, log data, application changes, traffic type, user requirements)
Example: React to changes in the web application infrastructure
Example: Adjust the policy to address application changes
sol11914: Updating a BIG-IP ASM Security Policy when your website changes: 1000/900/sol11914.html
Instructor Led Training: Configuring ASM: Module 6: Positive Security Policy Building

Section 4

Objective 4.01 Describe the lifecycle of attack signatures
sol8217: Updating the BIG-IP ASM attack signatures: 0/200/sol8217.html
sol11303: Updated signatures are automatically removed from blocking mode and placed into staging mode: /products/bigip asm/manuals/product/config guide asm 10 2 0.html

Objective 4.02 Evaluate the impact of new or updated attack signatures on existing security policies
sol8217: Updating the BIG-IP ASM attack signatures: 0/200/sol8217.html

sol11303: Updated signatures are automatically removed from blocking mode and placed into staging mode: 00/300/sol11303.html
sol8517: Enabling attack signatures that were not triggered during the staging process: au8

Objective 4.03 Identify key ASM performance metrics (e.g., CPU report, memory report, process requests, logging)
Example: Identify key ASM performance metrics
Example: Adjust the policy to address application changes
Example: Identify sources of resource consumption (e.g., large file uploads)

Objective 4.04 Interpret ASM performance metrics and draw conclusions
sol12878: Generating BIG-IP diagnostic data using the qkview utility (10.x - 
lic/12000/800/sol12878.html
sol10227: BIG-IP ASM daemons (9.x - 10.x): 00/200/sol10227.html

Objective 4.05 Identify and gather information relevant to evaluating the activity of an ASM implementation

Objective 4.06 Interpret the activity of an ASM implementation to determine its effectiveness
Example: Demonstrate the understanding of growth trajectories for appropriate ongoing operations
Example: Appraise the ASM-specific system resources (e.g., box capacity)

Instructor Led Training: Configuring ASM: Module 6: Positive Security Policy Building
aft/2166089/asg/39#2274656

Objective 4.07 Differentiate between blocking and transparent features
Example: Recognize the components of a PCI compliance report
Instructor Led Training: Configuring ASM: Module 7: Application Visibility and Reporting
sol8363: Using the Mask Data setting to protect sensitive data returned by the BIG-IP ASM: 00/300/sol8363.html

Objective 4.08 Evaluate whether a security policy is performing per requirements (i.e., blocking, transparent, or other relevant security features)
Example: Solve issues that are illustrated in the PCI compliance report
Example: Recognize the importance of trends and communicate to the necessary stakeholders
Example: Explain risk management and the balance between availability and security
Instructor Led Training: Configuring ASM: Module 7: Application Visibility and Reporting
ig-ip sr
g-ip asm/manuals/product/asm-config-11-40.html

Objective 4.09 Define the ASM policy management functions (e.g., auditing, merging, reverting, import, and export)
Example: Describe how to export/import policies
Example: Explain how to merge and differentiate between policies
Example: Describe how to revert policies
Example: Review the policy log
Instructor Led Training: Configuring ASM: Module 7: Application Visibility and Reporting
ig-ip ml?sr
g-ip ml?sr 30303001

Objective 4.10 Explain the circumstances under which it is appropriate to use ASM bypass
Example: Recognize ASM-specific user roles
Example: Recognize differences between user roles and permissions
Instructor Led Training: Module 8: ASM User, Role, and Policy
9000/300/sol9372.html
