Who should attend
This course is intended for security and network administrators who will be responsible for the installation and day-to-day maintenance of the Application Security Manager.
Prerequisites
Students should understand:
- Basic HTTP and HTML concepts
- Basic security concepts
- Common network terminology
- Web application terminology
In addition, students should be proficient in:
- Basic PC operation and application skills, including operating a keyboard, mouse, Linux and Windows OS
- Basic Web browser operation (Internet Explorer and Mozilla Firefox are used in class)
Course Objectives
By course completion, the student will be able to implement and understand security policy configuration tasks and configure a security policy based on traffic learning and various security policy building techniques. Additionally, a student will be able to administer and manage Application Security Manager.
Course Content
This four-day course covers ways to manage web-based and XML application attacks and the use of Application Security Manager to defend against these attacks. The course covers installation, configuration, management, security policy building, traffic learning, and implementation of Application Security Manager in both stand-alone and modular configurations. This class includes lectures, labs, demonstrations, and discussions.
Course topics include:
- ASM deployment types
- Configuration backup
- Web application security concepts
- HTTP and HTML concepts
- Common HTTP vulnerabilities
- ASM-enabled HTTP classes
- Security Policy building
- Deployment wizard scenarios
- Vulnerability assessment tools
- Application visibility and reporting
- ASM administration
- Traffic learning
- Parameters
- Real Traffic Policy Builder
- Login pages
- Session tracking
- Username tracking
- Anomaly detection
- Anti-virus protection
- Geolocation enforcement
- IP address exclusions
- XML and web services protection
- AJAX/JSON support
- Protocol security module
- IP address intelligence