In every web application, only certain file types with predefined properties are permitted. F5 AWAF can either manually or automatically learn allowed file types and their unique properties for each web application. It then discard any file types that are not explicitly permitted, as well as those allowed file types but but whose properties fall…
DetailsIn this section, we will explore and demonstrate the different learning modes available in F5 Advanced WAF (AWAF), including Never (wildcard only), Selective, Compact, and Always. Each mode determines how the F5 AWAF learns and adapts individually to each component of a web application.
DetailsF5 AWAF Data Guard feature is a security mechanism designed to prevent the leakage of sensitive information such as credit card numbers or Social Security numbers. Data Guard can either block the response or mask the sensitive data with asterisks (****), depending on the configuration. That’s what we’ll demonstrate in this lesson.
DetailsThis lesson will help you create your first security policy in F5 Advanced WAF (AWAF). It covers important concepts and terminologies you need to know to create a security policy, such as security templates, enforcement mode, learning mode and signature staging.
You’ll also learn how to assign a security policy to a web application.
mitmproxy is an interactive proxy to monitor and manipulate HTTP and HTTPS traffic.
In the F5 Advanced WAF (AWAF) course, mitmproxy serves as a powerful tool for analyzing and modifying web traffic and simulating attack scenarios to test and strengthen security measures.
This section shows how to use mitmproxy to intercept and analyze communication between clients and web application.
Building on the previous lessons, we successfully prepared two intentionally vulnerable web applications: the “Hack-It-Yourself PHP Auction” and “DVWA”.
In this section, we will go through the initial setup of the F5 device according to the network topology using a trial license key. We will publish these two web applications via the F5 LTM module. Additionally, we activate the F5 AWAF module, an essential component that will be actively used throughout the course to protect the web applications from potential threats.