F5 Distributed Cloud: Web Application Security & Scanning

Welcome

This hands-on lab environment highlights the concepts and capabilties of F5 Distributed Cloud Web Application and API Protection (WAAP).

Narrative: During the lab you will be playing the role of an Engineer at ACME Corp who responds to new business requirements quickly by implementing F5’s Web Application and API security solutions.

Goal: Implement and operate an application security environment utilizing F5 SaaS-Powered Distributed Cloud core security tooling.

• Full walkthrough of F5 Distributed Cloud WAF leveraging policy creation, use, and management ​

• Understanding of security event searching, navigation, filtering and tooling with forensics and AI assistant

• Utilize Signature-based Bot protections

• Explore functionality and purpose of Malicious User

• Deploy Web Application Scanning as a continual security assessment​

This Lab uses the [AppWorld] F5XC Security Base Lab UDF Blueprint.

Labs:

• Introduction to the Lab
  • Task 1: Lab Environment
  • Task 2: Accessing F5 Distributed Cloud Console
  • Course/Lab Invitation
  • Accessing UDF (F5 Unified Demo Framework)
  • Accessing F5 Distributed Cloud
• Lab 1: Deploying and Managing F5 Distributed Cloud Web Application Firewall Configuration
  • Task 1: Exploring the F5 Distributed Console
  • Task 2: Configure WAF Policy on the Load Balancer
  • Task 3: Testing the WAF Policy & Reviewing Event Data
  • Task 4: Understanding Exclusions and Customizing WAF Policy
• Lab 2: Reviewing Signature-based Bot Strategies and enabling F5 Distributed Cloud Bot Defense
  • Task 1: Reviewing Signature-based Bot protection
  • Task 2: Enabling F5 Distributed Cloud Bot Defense
• Lab 3: Malicious Users
  • Task 1: Creating a User Identification Policy
  • Task 2: Enable Malicious User Detection and Mitigation Actions
• Lab 4: Web App Scanning
  • Task 1: Configure a Web Application Scan
• Lab 5: AI Assistant and Security Operations
  • Task 1: Exploring AI Assistant
• Conclusion
• Appendix