FortiWeb 5.0, Web Application Firewall Course #251



Similar documents
FortiManager Centralized Device Management

FortiWeb for ISP. Web Application Firewall. Copyright Fortinet Inc. All rights reserved.

FortiGate Multi-Threat Security Systems I Administration, Content Inspection and SSL VPN Course #201

Web Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

FortiMail Filtering Course 221-v2.0. Course Overview. Course Objectives

STOPPING LAYER 7 ATTACKS with F5 ASM. Sven Müller Security Solution Architect

Basic & Advanced Administration for Citrix NetScaler 9.2

Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall

Web Application Firewall

Contemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited

How To Protect A Web Application From Attack From A Trusted Environment

PROFESSIONAL SECURITY SYSTEMS

NSFOCUS Web Application Firewall

WHITE PAPER FORTIWEB WEB APPLICATION FIREWALL. Ensuring Compliance for PCI DSS 6.5 and 6.6

FortiMail Filtering Course 221-v2.2 Course Overview

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

Where every interaction matters.

Mingyu Web Application Firewall (DAS- WAF) All transparent deployment for Web application gateway

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS

WHITE PAPER. FortiWeb Web Application Firewall Ensuring Compliance for PCI DSS 6.5 and 6.6

Arrow ECS University 2015 Radware Hybrid Cloud WAF Service. 9 Ottobre 2015

WEB APPLICATION FIREWALLS: DO WE NEED THEM?

Guidelines for Web applications protection with dedicated Web Application Firewall

Radware Attack Mitigation Solution (AMS) Protect Online Businesses and Data Centers Against Emerging Application & Network Threats - Whitepaper

6WRUP:DWFK. Policies for Dedicated SQL Servers Group

Advanced Administration for Citrix NetScaler 9.0 Platinum Edition

FortiWeb Web Application Firewall. Ensuring Compliance for PCI DSS requirement 6.6 SOLUTION GUIDE

Cisco ACE Application Control Engine: ACEBC Catalyst 6500 and 4710 Applicance Boot Camp

Website Security. End-to-End Application Security from the Cloud. Cloud-Based, Big Data Security Approach. Datasheet: What You Get. Why Incapsula?

McAfee Network Security Platform Administration Course

6WRUP:DWFK. Policies for Dedicated IIS Web Servers Group. V2.1 policy module to restrict ALL network access

Application Security Manager ASM. David Perodin F5 Engineer

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

Formación en Tecnologías Avanzadas

Semantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual. Document Version 1.0

CNS-208 Citrix NetScaler 10 Essentials for ACE Migration

VMware vcenter Log Insight Getting Started Guide

CS5008: Internet Computing

Firewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT

Out of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet

Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins

Barracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper

FortiMail Filtering. Course 221 (for FortiMail v5.0) Course Overview

Web Application Firewall on SonicWALL SRA

FortiOS Handbook - PCI DSS Compliance VERSION 5.4.0

IJMIE Volume 2, Issue 9 ISSN:

REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL

Implementation of Web Application Firewall

Introduction to Endpoint Security

ICSA Labs Web Application Firewall Certification Testing Report Web Application Firewall - Version 2.1 (Corrected) Radware Inc. AppWall V5.6.4.

FortiWeb TM. Web Application Firewall. Unmatched Protection for Web Applications. Emerging Threats Create New Challenges

CNS-301-3I ~ Citrix NetScaler 11 Advanced Implementation

Importance of Web Application Firewall Technology for Protecting Web-based Resources

Implementing the Application Control Engine Service Module

ZEN LOAD BALANCER EE v3.02 DATASHEET The Load Balancing made easy

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

Barracuda Intrusion Detection and Prevention System

Imperva s Response to Information Supplement to PCI DSS Requirement Section 6.6

IBM Security QRadar Vulnerability Manager Version User Guide

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Enterprise-Grade Security from the Cloud

WHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems

NSFOCUS Web Application Firewall White Paper

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

Deploying the Barracuda Load Balancer with Office Communications Server 2007 R2. Office Communications Server Overview.

McAfee Firewall Enterprise System Administration Intel Security Education Services Administration Course

What is Web Security? Motivation

Web Application Firewall on SonicWALL SSL VPN

Deployment Guide. AX Series for Microsoft Lync Server 2010

Securing Networks with PIX and ASA

Deploying Virtual Cyberoam Appliance in the Amazon Cloud Version 10

FortiMail Filtering. Course 221 (for FortiMail v4.2) Course Overview

IBM. Vulnerability scanning and best practices

End-to-End Application Security from the Cloud

CS 558 Internet Systems and Technologies

ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy

FortiOS Handbook WAN Optimization, Web Cache, Explicit Proxy, and WCCP for FortiOS 5.0

ANNEXURE TO TENDER NO. MRPU/IGCAR/COMP/5239

Cybercrime myths, challenges and how to protect our business. Vladimir Kantchev Managing Partner Service Centrix

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

Barracuda Networks Web Application Firewall

How To Use The Cisco Ace Module For A Load Balancing System

Firewall Firewall August, 2003

Cyan Networks Secure Web vs. Websense Security Gateway Battle card

Implementing Cisco IOS Network Security

Syslog Server Configuration on Wireless LAN Controllers (WLCs)

Chapter 8 Router and Network Management

What's New in Cisco ACE Application Control Engine Module for the Cisco Catalyst 6500 and Cisco 7600 Series Software Release 2.1.0

Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes.

SERENA SOFTWARE Serena Service Manager Security

F5 Silverline Web Application Firewall Onboarding: Technical Note

JOOMLA SECURITY. ireland website design. by Oliver Hummel. ADDRESS Unit 12D, Six Cross Roads Business Park, Waterford City

VMware vcenter Log Insight Getting Started Guide

F5 Configuring BIG-IP Local Traffic Manager (LTM) - V11. Description

Adobe Systems Incorporated

Information Technology Policy

Web Application Security 101

Transcription:

FortiWeb 5.0, Web Application Firewall Course #251 Course Overview Through this 1-day instructor-led classroom or online virtual training, participants learn the basic configuration and administration aspects of the most commonly used features on the FortiWeb Web Application Firewall Appliance. Through interactive modules, participants explore server policies, web protection profiles, DoS protection policies, load balancing, authentication offloading, SSL offloading, auto learn, web vulnerability scan, and more. This training provides a solid understanding of how to implement, administrate and troubleshot a FortiWeb solution in a corporate environment. Course At the conclusion of this course, participants will be able to:» Identify the most common web application attacks» Understand the benefits of using a web application firewall» Describe the main FortiWeb characteristics and features» Understand the differences between the different operation modes» Configure serve policies and web protection profiles to protect a web application» Describe the most important settings inside web protection rules and policies» Implement SSL offloading, authentication offloading, compression offloading, SSL inspection and load balancing» Import and manage certificates for FortiWeb use» Configure the FortiWeb device to protect web applications against DoS attacks» Use auto-learn to create ad hoc web protection profiles» Describe the OSWASP top 10 guidelines» Configure the FortiWeb device to comply with each of the OSWASP top 10 guidelines» Analyze the data from a web vulnerability scan report» Know the basic commands and tools to start a troubleshooting process

Products Used in This Course FortiWeb Appliance Prerequisites Extensive experience administrating web applications Basic understanding of web security Basic understanding of firewall concepts System Requirements If performing this training online, students will require the following: A high-speed Internet connection A Web browser that supports the Adobe Flash Player to launch the Virtual Classroom Speakers or a headset to follow along with the audio portion of the presentation Adobe Reader to view on-line class materials Who Should Attend This course is intended for networking professionals involved in the installation, administration, management and troubleshooting of a web security infrastructure using FortiWeb appliances.

AGENDA Module 1: Functional Overview In this module students review the types of web application attacks and why Web Application Firewalls are needed. This module also provides a quick overview of the FortiWeb features and product family. Finally, students learn the different FortiWeb deployment options.» Describe the FortiWeb deployment options» Explain the importance of using Web Application Firewall (WAF) to protect web applications Introduction to web application attacks Most common categories of web application attack techniques Benefits of using a Web Application Firewall FortiWeb characteristics and features FortiWeb family of appliances and Virtual Machines Operation modes

Module 2: System Configuration In this module students learn to access the unit, configure the initial device settings, and create custom admin accounts. The module also explains how to implement a high availability solution using 2 FortiWeb devices.» Access the unit s Graphical User Interface (GUI) and Command Line Interface (CLI)» Configure the initial FortiWeb device settings» Test the FortiWeb network connectivity Accessing the Graphical User Interface (GUI) and the Command Line Interface (CLI) Real-time Dashboard Context Sensitive On-Line Help Configuring the network interfaces and V-zones FortiWeb routing IP-based forwarding Creating admin accounts and access profiles Introduction to FortiGuard subscription services Fail-open configuration High-availability (HA) Upgrading the firmware

Module 3: Policies and Profiles In this module students learn to create server policies and objects, such as virtual and physical servers, server farms and custom services. The module also describes the SSL offloading, SSL inspection and load balancing features.» Configure a serve policy to protect a web application» Configure application load balancing between two physical web servers» Check that the load balancing feature is working properly» Generate a certificate signing request» Import a signed certificate into the FortiWeb device» Implement SSL offloading Server policies Web protection profiles Configuration steps Policy behavior by operational mode Virtual server Physical server Server farm Load balancing Certificate management SSL offloading SSL inspection Customized services Protected host groups

Module 4: Web Protection This module explains some of the most important Web protection rules and policies. Students also learn to disable and create exception for specific policies..» Describe the most important settings inside the web protection rules and policies» Configure a web protection profile to protect a web application Standalone and shared IP IP list Brute force Cookie poison detection HTTP protocol constraints Start page and page order rules Parameter validation Upload restriction IP reputation Signature polices Anti-defacement URL access Known search engines Cross site scripting (XSS) SQL injection Bad robots Credit card detection AV scanning Generic attacks and known exploits Tuning the signature policy

Module 5: Application Delivery and DoS In this module, students learn how to do authentication offloading and configure the FortiWeb device to protect web applications against DoS attacks.» Describe the most important settings inside the authentication, file compress and DoS protection policies» Configure and test authentication offloading Authentication offloading Local users Remote authentication servers File compression offloading Introduction to DoS protection HTTP access limit Real browser enforcement Malicious IPs HTTP flood prevention TCP flood prevention SYN cookie

Module 6: Auto-Learning This module explains how to configure, monitor and use the auto-learn feature to create ad-hoc web protection profiles.» Configure the auto-learn functionality» Analyze the auto-learn results» Use auto-learn to create ad hoc web protection profiles Introduction to auto-learning Data type group Suspicious URL Application policy Auto-learn profile Auto-learn report overview Generating the web protection profile from the auto-learn report Auto-learn best practices

Module 7: PCI DSS Compliance and Vulnerability Assessment This module lists the two PCI DSS (Payment Card Industry Data Security Standard) requirements that are specific for web applications. Additionally, it explains how to set up the FortiWeb to adhere to the OWASP top 10 guidelines. Students also learn to run a web vulnerability scan and analyze its results.» Describe the OSWASP top 10 guidelines» Describe how FortiWeb can be configured to comply with each of the OSWASP top 10 guidelines» Configure the FortiWeb to run a web vulnerability scan» Analyze the data from a web vulnerability scan report Overview of the Payment Card Industry Data Security Standard (PCI DSS) PCI DSS Requirements for web application firewalls Introduction to the Open Web Application Security Project (OWASP) Using the FortiWeb device to protect web applications from the OWASP top 10 vulnerabilities Web vulnerability scan preparation and execution Understanding the web vulnerability scan Report

Module 8: Troubleshooting In this module, students learn some basic commands and procedures to troubleshoot technical problems.» Know the basic commands to start any troubleshooting process» Use the attack console to solve false-positive issues» Understand how FortiGuard works FortiWeb unit storage structure Storage Maintenance FortiGuard troubleshooting Checking the system status Monitoring the system performance Network interface statistics Checking the ARP table Connectivity test commands Packet sniffer Event logs Attack logs Integration with FortiAnalyzer Data analytics Bot analysis Blocked IPs Troubleshooting false-positive issues UDP and TCP port for outgoing and incoming connections

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information