CERTIFICATION RESOURCE GUIDE
|
|
- Percival Price
- 6 years ago
- Views:
Transcription
1 F5 Certified! 303 ASM Technology Specialist CERTIFICATION RESOURCE GUIDE Purpose of this Document This document outlines topic areas covered on the F5 ASM Specialists Certification Exam and resources available to help prepare test takers. References (Ref:1) Stuttard, Dafydd and Pinto, Marcus The Web Application Hacker s Handbook: Discovering and Exploiting Security Flaws. Wiley Publishing, Inc. Indianapolis, IN ISBN Release notes: Manual: Join the F5 Certified! Community on LinkedIn for more community created study guides F5 Networks, Inc.
2 Section 1: Assess security needs and choose an appropriate ASM policy Objective 1.01 Explain the potential effects of common attacks on web applications. Example: Summarize the OWASP Top Ten Example: Describe how ASM addresses the OWASP Top Ten Instructor Led Training: Configuring ASM: Module 3: Web Application Vulnerabilities. Objective 1.02 Explain how specific security policies mitigate various web application attacks Objective 1.03 Determine which ASM mitigation is appropriate for a particular vulnerability Example: Explain the purpose of vulnerability assessment tools Instructor Led Training: Configuring ASM: Module 11: Vulnerability Assessment Tools and Application Templates Objective 1.04 Choose the appropriate features and granularity Example: Describe the relationship between security policy and application development Example: Explain how specific security policies mitigate various web application attacks Instructor Led Training: Configuring ASM: Module 5: Rapid Deployment and Attack Signatures Instructor Led Training: Configuring ASM: Module 11: Vulnerability Assessment Tools and Application Templates ASM 303 Study Guide. 2
3 Objective 1.05 Determine the most appropriate deployment method for a given set of requirements Example: Determine the appropriate deployment method when a canned deployment method is not applicable. Example: Evaluate the implications of changes in the policy to the security and vulnerabilities of the application Instructor Led Training: Configuring ASM: Module 5: Rapid Deployment and Attack Signatures html Objective 1.06 Evaluate the implications of changes in the policy to the security and vulnerabilities of the application (Same as Example 2?) Example: Determine the rate of change of the application Example: Explain the trade-offs between security, manageability, false positives, and performance Section 2: Create and customize policies. Objective 2.01 Determine the appropriate criteria for initial policy definition based on application requirements (e.g. wildcards, violations, entities, signatures, userdefined signatures Example: Define the policy based on application requirements Instructor Led Training: Configuring ASM: Module 5: Rapid Deployment and Attack Signatures Instructor Led Training: Configuring ASM: Module 11: Vulnerability Assessment Tools and Application Templates Objective 2.02 Explain the policy builder lifecycle ASM Study Guide
4 1.html#wp Instructor Led Training: Configuring ASM: Module 12: Real Traffic Policy Builder Objective 2.03 Review and evaluate rules based on information gathered from ASM (e.g., attack signatures, DataGuard, parameters, entities) 0/asm_parameters.html?sr= ip_asm/manuals/product/bigipasm9_4/big_ip_9_4_asm_config_gd /asm_wildcard.html?sr= Objective 2.04 Refine policy structure for policy elements (e.g., URLs, parameters, files types, headers, sessions and logins, content profiles, CSRF protection, anomaly protection) Instructor Led Training: Configuring ASM: Module 13: Advanced Topics Objective 2.05 Explain the process to integrate and configure natively supported third-party vendors and generic formats with ASM (e.g., difference between scanning modes, icap) Example: Upload scan results from a third-party vendor into the ASM GUI. Instructor Led Training: Configuring ASM: Module 11: Vulnerability Assessment Tools and Application Templates sol12984: BIG-IP ASM does not send requests to ICAP servers that exceed the maximum request size : ASM Study Guide
5 sol12128: The URI of an Internet Content Adaptation Protocol server for antivirus Objective 2.06 Determine whether the rules are being implemented effectively and appropriately to mitigate the violations Example: Determine the appropriate violations to be enforced. Objective 2.07 Explain reporting and remote logging capabilities Example: Determine whether the remote logger is accessible Example: Determine the level of logging (i.e., all logs illegal requests, or responses) protection is hard-coded: 0/asm_monitoring.html# sol13238: The BIG-IP ASM bd process may crash when the remote logging profile server is unavailable: sol6994: Configuring the BIG-IP ASM to send forensics data to a remote syslog server: sol10651: BIG-IP ASM syslog request format : sol14020: BIG-IP ASM daemons (11.x): Instructor Led Training: Configuring ASM: Module 4: ASM Configuration Section 3: Maintain policy Objective 3.01 Interpret log entries to identify opportunities to refine the policy Example: Describe the various logs and formats Example: Identify the current state of the policy (e.g., violation status, blocking mode) ASM Study Guide
6 sol14020: BIG-IP ASM daemons (11.x): 0/asm_apx_remote_logging_formats.html# Objective 3.02 Determine how a policy should be adjusted based upon available data (e.g., learning suggestions, log data, application changes, traffic type, user requirements) Example: React to changes in the web application infrastructure Example: Adjust the policy to address application changes sol11914: Updating a BIG-IP ASM Security Policy when your website changes : Section 4 Objective 4.01 Describe the lifecycle of attack signatures sol8217: Updating the BIG-IP ASM attack signatures: sol11303: Updated signatures are automatically removed from blocking mode and placed into staging mode: Objective 4.02 Evaluate the impact of new or updated attack signatures on existing security policies sol8217: Updating the BIG-IP ASM attack signatures: ASM Study Guide
7 sol11303: Updated signatures are automatically removed from blocking mode and sol8517: Enabling attack signatures that were not triggered during the staging process: placed into staging mode Objective 4.03 Identify key ASM performance metrics (e.g., CPU report, memory report, process requests, logging) Example: Identify key ASM performance metrics Example: Adjust the policy to address application changes Example: Identify sources of resource consumption (e.g., large file uploads) Objective 4.04 Interpret ASM performance metrics and draw conclusions sol12878: Generating BIG-IP diagnostic data using the qkview utility (10.x - 11.x): sol10227: BIG-IP ASM daemons (9.x - 10.x): Objective 4.05 Identify and gather information relevant to evaluating the activity of an ASM implementation Objective 4.06 Interpret the activity of an ASM implementation to determine its effectiveness Example: Demonstrate the understanding of growth trajectories for appropriate ongoing operations Example: Appraise the ASM-specific system resources (e.g., box capacity) ASM Study Guide
8 Objective 4.07 Differentiate between blocking and transparent features Example: Recognize the components of a PCI compliance report Instructor Led Training: Configuring ASM: Module 7: Application Visibility and Reporting sol8363: Using the Mask Data setting to protect sensitive data returned by the BIG-IP ASM: Objective 4.08 Evaluate whether a security policy is performing per requirements (i.e., blocking, transparent, or other relevant security features) Example: Solve issues that are illustrated in the PCI compliance report Example: Recognize the importance of trends and communicate to the necessary stakeholders Example: Explain risk management and the balance between availability and security Instructor Led Training: Configuring ASM: Module 7: Application Visibility and Reporting 0.html Objective 4.09 Define the ASM policy management functions (e.g., auditing, merging, reverting, import, and export) Example: Describe how to export/import policies Example: Explain how to merge and differentiate between policies Example: Describe how to revert policies Example: Review the policy log Instructor Led Training: Configuring ASM: Module 7: Application Visibility and Reporting ASM Study Guide
9 Objective 4.10 Explain the circumstances under which it is appropriate to use ASM bypass Example: Recognize ASM specific user roles Example: Recognize differences between user roles and permissions Instructor Led Training: Module 8: ASM User, Role, and Policy Administration ASM Study Guide
303 BIG-IP ASM SPECIALIST
ABOUT THE 303 BIG-IP ASM SPECIALIST EXAM. The BIG-IP ASM Specialist exam identifies individuals who are qualified to design, implement, and maintain ASM, including advanced features. They will likely be
More informationConfiguring BIG-IP ASM v12.1 Application Security Manager
Course Description Configuring BIG-IP ASM v12.1 Application Security Manager Description The BIG-IP Application Security Manager course gives participants a functional understanding of how to deploy, tune,
More informationF5 Big-IP Application Security Manager v11
F5 F5 Big-IP Application Security Manager v11 Code: ACBE F5-ASM Days: 4 Course Description: This four-day course gives networking professionals a functional understanding of the BIG- IP LTM v11 system
More informationBIG-IP Application Security Manager : Getting Started. Version 12.1
BIG-IP Application Security Manager : Getting Started Version 12.1 Table of Contents Table of Contents Introduction to Application Security Manager...5 What is Application Security Manager?...5 When to
More informationImperva Incapsula Website Security
Imperva Incapsula Website Security DA T A SH E E T Application Security from the Cloud Imperva Incapsula cloud-based website security solution features the industry s leading WAF technology, as well as
More informationBIG-IP Application Security Manager : Implementations. Version 13.0
BIG-IP Application Security Manager : Implementations Version 13.0 Table of Contents Table of Contents Preventing DoS Attacks on Applications... 13 What is a DoS attack?...13 About recognizing DoS attacks...
More informationF5 Azure Cloud Try User Guide. F5 Networks, Inc. Rev. September 2016
F5 Azure Cloud Try User Guide F5 Networks, Inc. Rev. September 2016 Azureinfo@f5.com Table of Contents Introduction... 3 F5 Web Application Firewall Solution, (WAF) Review... 3 Configuring SSO/Pre-authentication
More informationPenetration Testing. James Walden Northern Kentucky University
Penetration Testing James Walden Northern Kentucky University Topics 1. What is Penetration Testing? 2. Rules of Engagement 3. Penetration Testing Process 4. Map the Application 5. Analyze the Application
More informationIntegrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises
Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises AI-driven website & network protection service that secures online businesses from today's
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More information401 - SECURITY SOLUTION EXPERT
ABOUT THE 401-SECURITY SOLUTION EXPERT EXAM. The 401-Security Solution Expert exam is required to achieve Certified F5 Solution Expert status in Security. Successful completion of the 401-Security Solution
More information201 - TMOS TECHNOLOGY SPECIALIST
201 - TMOS TECHNOLOGY SPECIALIST ABOUT THE 401-SECURITY SOLUTION EXPERT EXAM. The 401-Security Solution Expert exam is required to achieve Certified F5 Solution Expert status in Security. Successful completion
More informationDocument version: 1.0 What's inside: Products and versions tested Important:
Deployment Guide Document version: 1.0 What's inside: 2 Prerequisites and configuration notes 2 Configuration example 3 Configuring the BIG-IP ASM for Oracle Database Firewall 3 Configuring the BIG-IP
More informationBIG-IP Analytics: Implementations. Version 13.1
BIG-IP Analytics: Implementations Version 13.1 Table of Contents Table of Contents Setting Up Application Statistics Collection...5 What is Analytics?...5 About HTTP Analytics profiles... 5 Overview:
More informationW H IT E P A P E R. Salesforce Security for the IT Executive
W HITEPAPER Salesforce Security for the IT Executive Contents Contents...1 Introduction...1 Background...1 Settings Related to Security and Compliance...1 Password Settings... 1 Session Settings... 2 Login
More informationOWASP RFP CRITERIA v 1.1
OWASP RFP CRITERIA v 1.1 Project Sponsored by : ProactiveRisk. Table of Contents. 1. Introduction.3 2. Recommended Information the Client should provide to Service Providers/Vendors.4 2.1 Lines of Code..4
More informationWHITE PAPER. Best Practices for Web Application Firewall Management
WHITE PAPER Best Practices for Web Application Firewall Management WHITE PAPER Best Practices for Web Application Firewall Management.. INTRODUCTION 1 DEPLOYMENT BEST PRACTICES 2 Document your security
More informationCyber Attacks and Application - Motivation, Methods and Mitigation. Alfredo Vistola Solution Architect Security, EMEA
Cyber Attacks and Application - Motivation, Methods and Mitigation Alfredo Vistola a.vistola@f5.com Solution Architect Security, EMEA Attacks are Moving Up the Stack Network Threats Application Threats
More informationFundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring
Fundamentals of Information Systems Security Lesson 5 Auditing, Testing, and Monitoring Learning Objective Explain the importance of security audits, testing, and monitoring to effective security policy.
More informationC1: Define Security Requirements
OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security
More informationPaloalto Networks PCNSA EXAM
Page No 1 m/ Paloalto Networks PCNSA EXAM Palo Alto Networks Certified Network Security Administrator Product: Full File For More Information: /PCNSA-dumps 2 Product Questions: 50 Version: 8.0 Question:
More informationAdvanced Security Tester Course Outline
Advanced Security Tester Course Outline General Description This course provides test engineers with advanced skills in security test analysis, design, and execution. In a hands-on, interactive fashion,
More informationIntroduction to Network Discovery and Identity
The following topics provide an introduction to network discovery and identity policies and data: Host, Application, and User Detection, page 1 Uses for Host, Application, and User Discovery and Identity
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationGOING WHERE NO WAFS HAVE GONE BEFORE
GOING WHERE NO WAFS HAVE GONE BEFORE Andy Prow Aura Information Security Sam Pickles Senior Systems Engineer, F5 Networks NZ Agenda: WTF is a WAF? View from the Trenches Example Attacks and Mitigation
More informationIntroduction to Network Discovery and Identity
The following topics provide an introduction to network discovery and identity policies and data: Host, Application, and User Detection, on page 1 Uses for Host, Application, and User Discovery and Identity
More informationCompTIA Cybersecurity Analyst+
CompTIA Cybersecurity Analyst+ Course CT-04 Five days Instructor-Led, Hands-on Introduction This five-day, instructor-led course is intended for those wishing to qualify with CompTIA CSA+ Cybersecurity
More informationCase Study: The Evolution of EMC s Product Security Office. Dan Reddy, CISSP, CSSLP EMC Product Security Office
Case Study: The Evolution of EMC s Product Security Office Dan Reddy, CISSP, CSSLP EMC Product Security Office 1 The Evolution of EMC Product Security 2000-2004 2005-2009 2010-Beyond External Drivers Hackers
More informationA10 HARMONY CONTROLLER
DATA SHEET A10 HARMONY CONTROLLER AGILE MANAGEMENT, AUTOMATION, ANALYTICS FOR MULTI-CLOUD ENVIRONMENTS PLATFORMS A10 Harmony Controller provides centralized agile management, automation and analytics for
More informationVulnerability Assessment with Application Security
Vulnerability Assessment with Application Security Targeted attacks are growing and companies are scrambling to protect critical web applications. Both a vulnerability scanner and a web application firewall
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationCompTIA Security+ Study Guide (SY0-501)
CompTIA Security+ Study Guide (SY0-501) Syllabus Session 1 At the end of this session, students will understand what risk is and the basics of what it means to have security in an organization. This includes
More informationApplication and Data Security with F5 BIG-IP ASM and Oracle Database Firewall
F5 White Paper Application and Data Security with F5 BIG-IP ASM and Oracle Database Firewall Organizations need an end-to-end web application and database security solution to protect data, customers,
More informationSite Data Protection (SDP) Program Update
Advanced Payments October 9, 2006 Site Data Protection (SDP) Program Update Agenda Security Landscape PCI Security Standards Council SDP Program October 9, 2006 SDP Program Update 2 Security Landscape
More informationHP0-Y16. ProCurve Network Immunity Solutions. Download Full Version :
HP HP0-Y16 ProCurve Network Immunity Solutions Download Full Version : http://killexams.com/pass4sure/exam-detail/hp0-y16 Which challenges does a unified NIM + IDS deployment meet? (Select two.) A. Reducing
More informationExam : Title : Security Solutions for Systems Engineers(SSSE) Version : Demo
Exam : 642-565 Title : Security Solutions for Systems Engineers(SSSE) Version : Demo 1. SomeCompany, Ltd. wants to implement the the PCI Data Security Standard to protect sensitive cardholder information.
More informationOverview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks
Overview Handling Security Incidents Chapter 7 Lecturer: Pei-yih Ting Attacks Security Incidents Handling Security Incidents Incident management Methods and Tools Maintaining Incident Preparedness Standard
More informationBIG-IP Application Security Manager : Implementations. Version 11.3
BIG-IP Application Security Manager : Implementations Version 11.3 Table of Contents Table of Contents Legal Notices...7 Chapter 1: Automatically Synchronizing Application Security Configurations...9
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationSQL Server Solutions GETTING STARTED WITH. SQL Secure
SQL Server Solutions GETTING STARTED WITH SQL Secure Purpose of this document This document is intended to be a helpful guide to installing, using, and getting the most value from the Idera SQL Secure
More informationMeeting PCI DSS 3.2 Compliance with RiskSense Solutions
Meeting PCI DSS 3.2 Compliance with Solutions Platform the industry s most comprehensive, intelligent platform for managing cyber risk. 2018, Inc. What s Changing with PCI DSS? Summary of PCI Business
More informationIBM Security Vaš digitalni imuni sistem. Dejan Vuković Security BU Leader South East Europe IBM Security
IBM Security Vaš digitalni imuni sistem Dejan Vuković Security BU Leader South East Europe IBM Security Compliance vs Risk based approach & o Zakon o informacionoj bezbednose, Zakon o tajnose podataka,
More informationRFP/RFI Questions for Managed Security Services. Sample MSSP RFP Template
RFP/RFI Questions for Managed Security Services Sample MSSP RFP Template Table of Contents Request for Proposal Template Overview 1 Introduction... 1 How to Use this Document... 1 Suggested RFP Outline
More informationSECURITY TRAINING SECURITY TRAINING
SECURITY TRAINING SECURITY TRAINING Addressing software security effectively means applying a framework of focused activities throughout the software lifecycle in addition to implementing sundry security
More informationDeploying the BIG-IP System with HTTP Applications
Deploying the BIG-IP System with Welcome to the F5 deployment guide for HTTP applications. This document contains guidance on configuring the BIG-IP system version 11.4 and later for most web server implementations,
More informationSecurity
Security +617 3222 2555 info@citec.com.au Security With enhanced intruder technologies, increasingly sophisticated attacks and advancing threats, your data has never been more susceptible to breaches from
More informationSECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011
SECURING THE NEXT GENERATION DATA CENTER Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011 JUNIPER SECURITY LEADERSHIP Market Leadership Data Center with High-End
More informationExpert Test Manager: Operational Module Course Outline
Expert Test Manager: Operational Module Course Outline General Description A truly successful test organization not only has solid, relevant test objectives and a test strategy, but it also has the means
More informationThe Top 6 WAF Essentials to Achieve Application Security Efficacy
The Top 6 WAF Essentials to Achieve Application Security Efficacy Introduction One of the biggest challenges IT and security leaders face today is reducing business risk while ensuring ease of use and
More informationRelease Notes Version 7.8
Please Read Before Updating Before installing any firmware version, be sure to make a backup of your configuration and read all release notes that apply to versions more recent than the one currently running
More informationSecuring Cloud Applications with a Distributed Web Application Firewall Riverbed Technology
Securing Cloud Applications with a Distributed Web Application Firewall www.riverbed.com 2013 Riverbed Technology Primary Target of Attack Shifting from Networks and Infrastructure to Applications NETWORKS
More informationPresenting the VMware NSX ECO System May Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe
Presenting the ware NSX ECO System May 2015 Geert Bussé Westcon Group Solutions Sales Specialist, Northern Europe Agenda 10:15-11:00 ware NSX, the Network Virtualization Platform 11.15-12.00 Palo Alto
More informationHow-to Guide: Tenable Nessus for Microsoft Azure. Last Updated: April 03, 2018
How-to Guide: Tenable Nessus for Microsoft Azure Last Updated: April 03, 2018 Table of Contents How-to Guide: Tenable Nessus for Microsoft Azure 1 Introduction 3 Auditing the Microsoft Azure Cloud Environment
More informationIngram Micro Cyber Security Portfolio
Ingram Micro Cyber Security Portfolio Ingram Micro Inc. 1 Ingram Micro Cyber Security Portfolio Services Trainings Vendors Technical Assessment General Training Consultancy Service Certification Training
More informationCompliance with CloudCheckr
DATASHEET Compliance with CloudCheckr Introduction Security in the cloud is about more than just monitoring and alerts. To be truly secure in this ephemeral landscape, organizations must take an active
More informationISC2 EXAM - CISSP. Certified Information Systems Security Professional. Buy Full Product.
ISC2 EXAM - CISSP Certified Information Systems Security Professional Buy Full Product http://www.examskey.com/cissp.html Examskey ISC2 CISSP exam demo product is here for you to test the quality of the
More informationCertification Exam Guide SALESFORCE CERTIFIED SHARING AND VISIBILITY DESIGNER. Spring Salesforce.com, inc. All rights reserved.
Certification Exam Guide SALESFORCE CERTIFIED SHARING AND VISIBILITY DESIGNER Spring 18 2018 Salesforce.com, inc. All rights reserved. S ALESFORCE CERTIFIED SHARING AND VISIBILITY DESIGNER CONTENTS About
More informationCarbon Black PCI Compliance Mapping Checklist
Carbon Black PCI Compliance Mapping Checklist The following table identifies selected PCI 3.0 requirements, the test definition per the PCI validation plan and how Carbon Black Enterprise Protection and
More informationContinuously Discover and Eliminate Security Risk in Production Apps
White Paper Security Continuously Discover and Eliminate Security Risk in Production Apps Table of Contents page Continuously Discover and Eliminate Security Risk in Production Apps... 1 Continuous Application
More informationTEL2813/IS2820 Security Management
TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management
More informationBIG-IP ASM Operations Guide
BIG-IP ASM Operations Guide A Web Application Firewall that Guards Your Critical Apps With F5 BIG-IP Aplplication Security Manager (ASM), organizations gain the flexibility they need to deploy Web Application
More informationSIEMLESS THREAT MANAGEMENT
SOLUTION BRIEF: SIEMLESS THREAT MANAGEMENT SECURITY AND COMPLIANCE COVERAGE FOR APPLICATIONS IN ANY ENVIRONMENT Evolving threats, expanding compliance risks, and resource constraints require a new approach.
More informationWeb Applications Security. Radovan Gibala F5 Networks
Applications Security Radovan Gibala F5 Networks How does the current situation look like? Application Trends and Drivers ification of applications Intelligent browsers and applications Increasing regulatory
More informationMcAfee Security Management Center
Data Sheet McAfee Security Management Center Unified management for next-generation devices Key advantages: Single pane of glass across the management lifecycle for McAfee next generation devices. Scalability
More informationComputer Information Systems (CIS) CIS 105 Current Operating Systems/Security CIS 101 Introduction to Computers
Computer Information Systems (CIS) CIS 101 Introduction to Computers This course provides an overview of the computing field and its typical applications. Key terminology and components of computer hardware,
More informationActivating Intrusion Prevention Service
Activating Intrusion Prevention Service Intrusion Prevention Service Overview Configuring Intrusion Prevention Service Intrusion Prevention Service Overview Intrusion Prevention Service (IPS) delivers
More informationBIG-IP System: Implementing a Passive Monitoring Configuration. Version 13.0
BIG-IP System: Implementing a Passive Monitoring Configuration Version 13.0 Table of Contents Table of Contents Configuring the BIG-IP System for Passive Monitoring...5 Overview: Configuring the BIG-IP
More informationIpswitch MOVEit File Transfer (DMZ)
Secured by RSA Implementation Guide for RSA DLP Network Partner Information Last Modified: August 28 th, 2014 Product Information Partner Name Ipswitch Web Site http://www.ipswitch.com/ Product Name Version
More informationPositive Technologies Telecom Attack Discovery DATA SHEET
Positive Technologies Telecom Attack Discovery DATA SHEET PT TELECOM ATTACK DISCOVERY DATA SHEET CELLULAR NETWORK SECURITY COMPLICATIONS As is shown in the network analysis performed by Positive Technologies
More informationBIG-IP Analytics: Implementations. Version 12.1
BIG-IP Analytics: Implementations Version 12.1 Table of Contents Table of Contents Setting Up Application Statistics Collection...5 What is Analytics?...5 About HTTP Analytics profiles...5 Overview: Collecting
More informationCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,
More informationTRAINING CURRICULUM 2017 Q2
TRAINING CURRICULUM 2017 Q2 Index 3 Why Security Compass? 4 Discover Role Based Training 6 SSP Suites 7 CSSLP Training 8 Course Catalogue 14 What Can We Do For You? Why Security Compass? Role-Based Training
More informationDreamFactory Security Guide
DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit
More informationCISA Training.
CISA Training www.austech.edu.au WHAT IS CISA TRAINING? The CISA, Certified Information Systems Auditor, is a professional designation which provides great benefits and increased influence for an individual
More informationSANS Institute Product Review: Oracle Database Vault
Sponsored by Oracle SANS Institute Product Review: August 2011 A SANS Whitepaper Written by: Tanya Baccam Overview and Setup PAge 2 Creating and Testing Realms PAge 3 Rules, Roles and Factors for Granular
More informationApplication Security. Rafal Chrusciel Senior Security Operations Analyst, F5 Networks
Application Security Rafal Chrusciel Senior Security Operations Analyst, F5 Networks r.chrusciel@f5.com Agenda Who are we? Anti-Fraud F5 Silverline DDOS protection WAFaaS Threat intelligence & malware
More informationAppSpider Enterprise. Getting Started Guide
AppSpider Enterprise Getting Started Guide Contents Contents 2 About AppSpider Enterprise 4 Getting Started (System Administrator) 5 Login 5 Client 6 Add Client 7 Cloud Engines 8 Scanner Groups 8 Account
More informationVULNERABILITIES IN 2017 CODE ANALYSIS WEB APPLICATION AUTOMATED
AUTOMATED CODE ANALYSIS WEB APPLICATION VULNERABILITIES IN 2017 CONTENTS Introduction...3 Testing methods and classification...3 1. Executive summary...4 2. How PT AI works...4 2.1. Verifying vulnerabilities...5
More informationNetwork Device Forensics. Digital Forensics NETS1032 Winter 2018
Network Device Forensics Digital Forensics NETS1032 Winter 2018 Risks Most data created, stored, and used by users is kept in files on computers running end user oriented operating systems like Windows,
More informationWhite Paper. Why IDS Can t Adequately Protect Your IoT Devices
White Paper Why IDS Can t Adequately Protect Your IoT Devices Introduction As a key component in information technology security, Intrusion Detection Systems (IDS) monitor networks for suspicious activity
More informationStudents should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:
Secure Java Web Application Development Lifecycle - SDL (TT8325-J) Day(s): 5 Course Code: GK1107 Overview Secure Java Web Application Development Lifecycle (SDL) is a lab-intensive, hands-on Java / JEE
More informationForeScout CounterACT. Configuration Guide. Version 1.2
ForeScout CounterACT Core Extensions Module: NetFlow Plugin Version 1.2 Table of Contents About NetFlow Integration... 3 How it Works... 3 Supported NetFlow Versions... 3 What to Do... 3 Requirements...
More information10 FOCUS AREAS FOR BREACH PREVENTION
10 FOCUS AREAS FOR BREACH PREVENTION Keith Turpin Chief Information Security Officer Universal Weather and Aviation Why It Matters Loss of Personally Identifiable Information (PII) Loss of Intellectual
More informationEthical Hacking Foundation Exam Syllabus
1 Table of contents Table of contents... 2 Exam Syllabus: Ethical Hacking Foundation... 3 Context... 3 Course objectives... 3 Target audience... 3 Prerequisites... 4 Exam information... 4 Examination details...
More informationSecurity Monitoring Engineer / (NY or NC) Director, Information Security. New York, NY or Winston-Salem, NC. Location:
Position: Reports to: Location: Security Monitoring Engineer / (NY or NC) Director, Information Security New York, NY or Winston-Salem, NC Position Summary: The Clearing House (TCH) Information Security
More informationSALESFORCE CERTIFIED TECHNICAL ARCHITECT
Certification Exam Guide SALESFORCE CERTIFIED TECHNICAL ARCHITECT Spring 18 2018 Salesforce.com, inc. All rights reserved. S ALESFORCE CERTIFIED TECHNICAL ARCHITECT CONTENTS About the Salesforce Certified
More informationEvaluation Criteria for Web Application Firewalls
Evaluation Criteria for Web Application Firewalls Ivan Ristić VP Security Research Breach Security 1/31 Introduction Breach Security Global headquarters in Carlsbad, California Web application security
More informationTurn-key Vulnerability Management
Turn-key Vulnerability Management Security Manager The solution for IT security in your organisation Security issues: How many? Where are they? How can I correct them? Compliance: Has it been achieved
More informationSnapt Accelerator Manual
Snapt Accelerator Manual Version 2.0 pg. 1 Contents Chapter 1: Introduction... 3 Chapter 2: General Usage... 3 Accelerator Dashboard... 4 Standard Configuration Default Settings... 5 Standard Configuration
More informationIntrusion prevention systems are an important part of protecting any organisation from constantly developing threats.
Network IPS Overview Intrusion prevention systems are an important part of protecting any organisation from constantly developing threats. By using protocol recognition, identification, and traffic analysis
More informationHow to Leverage Containers to Bolster Security and Performance While Moving to Google Cloud
PRESENTED BY How to Leverage Containers to Bolster Security and Performance While Moving to Google Cloud BIG-IP enables the enterprise to efficiently address security and performance when migrating to
More informationYou will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent.
IDPS Effectiveness and Primary Takeaways You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent. IDPS Effectiveness and Primary
More informationSkyFormation for Salesforce. Cloud Connector
SkyFormation for Salesforce Cloud Connector Overview Salesforce provides a broad set of customers and sales automation and management services delivered as a cloud service. Salesforce helps organizations
More informationDeploying the BIG-IP System with Microsoft IIS
Deploying the BIG-IP System with Welcome to the F5 deployment guide for Microsoft Internet Information Services (IIS). This document contains guidance on configuring the BIG-IP system version 11.4 and
More informationUpgrading from TrafficShield 3.2.X to Application Security Module 9.2.3
Upgrading from TrafficShield 3.2.X to Application Security Module 9.2.3 Introduction Preparing the 3.2.X system for the upgrade Installing the BIG-IP version 9.2.3 software Licensing the software using
More informationCisco Tetration Analytics
Cisco Tetration Analytics Enhanced security and operations with real time analytics John Joo Tetration Business Unit Cisco Systems Security Challenges in Modern Data Centers Securing applications has become
More informationPreparing for the Cross Site Request Forgery Defense
Preparing for the Cross Site Request Forgery Defense By Chuck Willis chuck.willis@mandiant.com Presented at Black Hat Briefings DC 2008 on February 20, 2008 Slides available at www.blackhat.com. Abstract:
More informationCisco ISR G2 Management Overview
Cisco ISR G2 Management Overview Introduction The new Cisco Integrated Services Routers Generation 2 (ISR G2) Family of routers delivers the borderless network that can transform the branch office and
More informationJuniper Exam JN0-314 Junos Pulse Access Control, Specialist (JNCIS-AC) Version: 7.0 [ Total Questions: 222 ]
s@lm@n Juniper Exam JN0-314 Junos Pulse Access Control, Specialist (JNCIS-AC) Version: 7.0 [ Total Questions: 222 ] Topic 1, Volume A Question No : 1 - (Topic 1) A customer wants to create a custom Junos
More informationDEFINITIONS AND REFERENCES
DEFINITIONS AND REFERENCES Definitions: Insider. Cleared contractor personnel with authorized access to any Government or contractor resource, including personnel, facilities, information, equipment, networks,
More information