Class 9: WAF 111 - Protecting Yourself Against the OWASP Top 10

The OWASP Top 10 is the de facto list of the top 10 most prevalent web application attacks. A challenge for many security practitioners is taking such a list of high-level attacks and turning it into real, actionable protection for their applications. In this session we will demonstrate how to quickly protect against the OWASP Top 10 by leveraging F5’s BIG-IP Advanced WAF module.

This class covers the following topics:

  • Introduction to the OWASP Top 10.
  • Hacking the Juice Shop web application.
  • Leverage F5 WAF Tester to assess vulnerabilities in the Juice Shop.
  • Rapidly create a BIG-IP Advanced WAF Policy using the Secure Guided Configuration.
  • Explore the BIG-IP OWASP compliance dashboard to measure your policy’s effectiveness.
  • Use the OWASP Dashboard to refine your WAF policy in order to mitigate the OWASP Top 10.
  • Re-evaluate the Juice Shop application.

Expected time to complete: 2 hours