CERTIFICATION RESOURCE GUIDE

Transcription

1 F5 Certified! 303 ASM Technology Specialist CERTIFICATION RESOURCE GUIDE Purpose of this Document This document outlines topic areas covered on the F5 ASM Specialists Certification Exam and resources available to help prepare test takers. References (Ref:1) Stuttard, Dafydd and Pinto, Marcus The Web Application Hacker s Handbook: Discovering and Exploiting Security Flaws. Wiley Publishing, Inc. Indianapolis, IN ISBN Release notes: Manual: Join the F5 Certified! Community on LinkedIn for more community created study guides F5 Networks, Inc.

2 Section 1: Assess security needs and choose an appropriate ASM policy Objective 1.01 Explain the potential effects of common attacks on web applications. Example: Summarize the OWASP Top Ten Example: Describe how ASM addresses the OWASP Top Ten Instructor Led Training: Configuring ASM: Module 3: Web Application Vulnerabilities. Objective 1.02 Explain how specific security policies mitigate various web application attacks Objective 1.03 Determine which ASM mitigation is appropriate for a particular vulnerability Example: Explain the purpose of vulnerability assessment tools Instructor Led Training: Configuring ASM: Module 11: Vulnerability Assessment Tools and Application Templates Objective 1.04 Choose the appropriate features and granularity Example: Describe the relationship between security policy and application development Example: Explain how specific security policies mitigate various web application attacks Instructor Led Training: Configuring ASM: Module 5: Rapid Deployment and Attack Signatures Instructor Led Training: Configuring ASM: Module 11: Vulnerability Assessment Tools and Application Templates ASM 303 Study Guide. 2

3 Objective 1.05 Determine the most appropriate deployment method for a given set of requirements Example: Determine the appropriate deployment method when a canned deployment method is not applicable. Example: Evaluate the implications of changes in the policy to the security and vulnerabilities of the application Instructor Led Training: Configuring ASM: Module 5: Rapid Deployment and Attack Signatures html Objective 1.06 Evaluate the implications of changes in the policy to the security and vulnerabilities of the application (Same as Example 2?) Example: Determine the rate of change of the application Example: Explain the trade-offs between security, manageability, false positives, and performance Section 2: Create and customize policies. Objective 2.01 Determine the appropriate criteria for initial policy definition based on application requirements (e.g. wildcards, violations, entities, signatures, userdefined signatures Example: Define the policy based on application requirements Instructor Led Training: Configuring ASM: Module 5: Rapid Deployment and Attack Signatures Instructor Led Training: Configuring ASM: Module 11: Vulnerability Assessment Tools and Application Templates Objective 2.02 Explain the policy builder lifecycle ASM Study Guide

4 1.html#wp Instructor Led Training: Configuring ASM: Module 12: Real Traffic Policy Builder Objective 2.03 Review and evaluate rules based on information gathered from ASM (e.g., attack signatures, DataGuard, parameters, entities) 0/asm_parameters.html?sr= ip_asm/manuals/product/bigipasm9_4/big_ip_9_4_asm_config_gd /asm_wildcard.html?sr= Objective 2.04 Refine policy structure for policy elements (e.g., URLs, parameters, files types, headers, sessions and logins, content profiles, CSRF protection, anomaly protection) Instructor Led Training: Configuring ASM: Module 13: Advanced Topics Objective 2.05 Explain the process to integrate and configure natively supported third-party vendors and generic formats with ASM (e.g., difference between scanning modes, icap) Example: Upload scan results from a third-party vendor into the ASM GUI. Instructor Led Training: Configuring ASM: Module 11: Vulnerability Assessment Tools and Application Templates sol12984: BIG-IP ASM does not send requests to ICAP servers that exceed the maximum request size : ASM Study Guide

5 sol12128: The URI of an Internet Content Adaptation Protocol server for antivirus Objective 2.06 Determine whether the rules are being implemented effectively and appropriately to mitigate the violations Example: Determine the appropriate violations to be enforced. Objective 2.07 Explain reporting and remote logging capabilities Example: Determine whether the remote logger is accessible Example: Determine the level of logging (i.e., all logs illegal requests, or responses) protection is hard-coded: 0/asm_monitoring.html# sol13238: The BIG-IP ASM bd process may crash when the remote logging profile server is unavailable: sol6994: Configuring the BIG-IP ASM to send forensics data to a remote syslog server: sol10651: BIG-IP ASM syslog request format : sol14020: BIG-IP ASM daemons (11.x): Instructor Led Training: Configuring ASM: Module 4: ASM Configuration Section 3: Maintain policy Objective 3.01 Interpret log entries to identify opportunities to refine the policy Example: Describe the various logs and formats Example: Identify the current state of the policy (e.g., violation status, blocking mode) ASM Study Guide

6 sol14020: BIG-IP ASM daemons (11.x): 0/asm_apx_remote_logging_formats.html# Objective 3.02 Determine how a policy should be adjusted based upon available data (e.g., learning suggestions, log data, application changes, traffic type, user requirements) Example: React to changes in the web application infrastructure Example: Adjust the policy to address application changes sol11914: Updating a BIG-IP ASM Security Policy when your website changes : Section 4 Objective 4.01 Describe the lifecycle of attack signatures sol8217: Updating the BIG-IP ASM attack signatures: sol11303: Updated signatures are automatically removed from blocking mode and placed into staging mode: Objective 4.02 Evaluate the impact of new or updated attack signatures on existing security policies sol8217: Updating the BIG-IP ASM attack signatures: ASM Study Guide

7 sol11303: Updated signatures are automatically removed from blocking mode and sol8517: Enabling attack signatures that were not triggered during the staging process: placed into staging mode Objective 4.03 Identify key ASM performance metrics (e.g., CPU report, memory report, process requests, logging) Example: Identify key ASM performance metrics Example: Adjust the policy to address application changes Example: Identify sources of resource consumption (e.g., large file uploads) Objective 4.04 Interpret ASM performance metrics and draw conclusions sol12878: Generating BIG-IP diagnostic data using the qkview utility (10.x - 11.x): sol10227: BIG-IP ASM daemons (9.x - 10.x): Objective 4.05 Identify and gather information relevant to evaluating the activity of an ASM implementation Objective 4.06 Interpret the activity of an ASM implementation to determine its effectiveness Example: Demonstrate the understanding of growth trajectories for appropriate ongoing operations Example: Appraise the ASM-specific system resources (e.g., box capacity) ASM Study Guide

8 Objective 4.07 Differentiate between blocking and transparent features Example: Recognize the components of a PCI compliance report Instructor Led Training: Configuring ASM: Module 7: Application Visibility and Reporting sol8363: Using the Mask Data setting to protect sensitive data returned by the BIG-IP ASM: Objective 4.08 Evaluate whether a security policy is performing per requirements (i.e., blocking, transparent, or other relevant security features) Example: Solve issues that are illustrated in the PCI compliance report Example: Recognize the importance of trends and communicate to the necessary stakeholders Example: Explain risk management and the balance between availability and security Instructor Led Training: Configuring ASM: Module 7: Application Visibility and Reporting 0.html Objective 4.09 Define the ASM policy management functions (e.g., auditing, merging, reverting, import, and export) Example: Describe how to export/import policies Example: Explain how to merge and differentiate between policies Example: Describe how to revert policies Example: Review the policy log Instructor Led Training: Configuring ASM: Module 7: Application Visibility and Reporting ASM Study Guide

9 Objective 4.10 Explain the circumstances under which it is appropriate to use ASM bypass Example: Recognize ASM specific user roles Example: Recognize differences between user roles and permissions Instructor Led Training: Module 8: ASM User, Role, and Policy Administration ASM Study Guide