13. F5 AWAF File Type Learning

In every web application, only certain file types with predefined properties are permitted. F5 AWAF can either manually or automatically learn allowed file types and their unique properties for each web application. It then discard any file types that are not explicitly permitted, as well as those allowed file types but but whose properties fall…

Details

5. F5 AWAF Lab Preparation Part 4 _ mitmproxy configuration as web debugging and interception demonstration

mitmproxy is an interactive proxy to monitor and manipulate HTTP and HTTPS traffic.
In the F5 Advanced WAF (AWAF) course, mitmproxy serves as a powerful tool for analyzing and modifying web traffic and simulating attack scenarios to test and strengthen security measures.
This section shows how to use mitmproxy to intercept and analyze communication between clients and web application.

Details

4. F5 AWAF Lab Preparation Part 3 _ F5 initial configuration

Building on the previous lessons, we successfully prepared two intentionally vulnerable web applications: the “Hack-It-Yourself PHP Auction” and “DVWA”.
In this section, we will go through the initial setup of the F5 device according to the network topology using a trial license key. We will publish these two web applications via the F5 LTM module. Additionally, we activate the F5 AWAF module, an essential component that will be actively used throughout the course to protect the web applications from potential threats.

Details