F5 Advanced WAF
Build, tune and operate application-security policies that protect modern web applications and APIs without breaking legitimate traffic.
Who Is This For
- F5 LTM engineers moving into application security
- WAF, application-security and network-security engineers
- SOC analysts who investigate web and API attacks
- Operations teams responsible for policy tuning and false positives
Prerequisites
- HTTP, HTTPS, DNS and TLS fundamentals
- F5 virtual server, pool, profile and traffic-flow basics
- Awareness of common web application risks
Full Syllabus — 17 Modules
M 1Advanced WAF Architecture and Request Flow
- BIG-IP data plane, virtual server and application-security policy
- Where LTM profiles, security controls and logging interact
- Deployment patterns and trust boundaries
M 2HTTP, Application Context and Attack Surface
- Methods, headers, cookies, parameters, sessions and content types
- Application mapping and trust assumptions
- Safe review of representative malicious requests
M 3Policy Creation and Deployment Modes
- Policy templates, language, encoding and server technologies
- Transparent and blocking operation
- Change control, backups and rollback planning
M 4Learning, Staging and Enforcement Readiness
- Learning suggestions, confidence and traffic samples
- Staging new signatures and policy entities
- Moving controls to enforcement without avoidable outages
M 5URLs, Parameters, File Types and Methods
- Positive-security modelling and entity relationships
- Wildcards, explicit entities and policy granularity
- Content profiles and request constraints
M 6Attack Signatures and OWASP Coverage
- Signature sets, accuracy, risk and systems
- Overrides, exceptions, staging and updates
- Mapping protection to common OWASP risks
M 7Evasion, Protocol and HTTP Compliance
- Encoding, normalization and parser ambiguity
- HTTP compliance checks and malformed requests
- Avoiding policy gaps caused by inconsistent interpretation
M 8Cookies, Sessions and Login Protection
- Cookie security, session awareness and login pages
- Brute-force and credential attack controls
- Authentication intelligence and anomaly review
M 9Bot and Automated Traffic Defence
- Bot classification, signatures and browser verification
- Good bots, unknown automation and malicious bots
- Choosing mitigation with user-experience impact in mind
M 10DoS and Behavioral Protection
- Application DoS profiles, baselines and stress indicators
- TPS, latency and heavy URL considerations
- Mitigation, logging and operational escalation
M 11API and JSON/XML Security
- JSON and XML profiles, schema concepts and content enforcement
- API endpoints, methods, parameters and authentication context
- Policy strategies for modern API traffic
M 12Data Protection and Response Controls
- Sensitive data patterns and response inspection
- Information leakage, masking and logging decisions
- Balancing visibility with privacy requirements
M 13Threat Campaigns, IP Intelligence and Geolocation
- Reputation, threat campaigns and contextual signals
- IP and geographic controls with exception handling
- Layered policy decisions and operational risk
M 14Logging, Analytics and SIEM Integration
- Request logging profiles and event detail
- Local reports, remote logging and SIEM fields
- Building evidence for investigation and tuning
M 15False Positives and Systematic Policy Tuning
- Reproduce, isolate, explain and safely remediate
- Exceptions, signature overrides and entity refinement
- Testing changes and documenting residual risk
M 16High Availability, Performance and Operations
- Configuration sync, failover and policy consistency
- Capacity, resource use and performance trade-offs
- Upgrades, signature lifecycle and operational runbooks
M 17Troubleshooting and Capstone Review
- Request-flow troubleshooting from client to pool member
- Policy behavior, logs, packet evidence and configuration review
- Design and tune protection for a sample application
Guided Demonstrations
Request Flow
Trace a request through virtual server, profiles, WAF policy and pool.
Policy Build
Create a policy, review learning suggestions and stage enforcement.
False Positive
Reproduce, analyze and tune an issue without disabling broad protection.
Investigation
Use request logs and analytics to explain an event and recommend action.
What You Get
- 34 hours of structured recorded instruction and demonstrations
- Policy-build and troubleshooting checklists
- Application-security architecture and request-flow guidance
- Scenario-based operations and interview questions
- Techclick course completion certificate according to course requirements
Official Reference Set
The course uses current F5 product documentation as the source of truth for feature behavior and version-specific interfaces.
FAQ
Q 1Is this the same as the F5 LTM course?
No. This course concentrates on application security. The LTM/GTM/ASM track is broader and includes traffic management and DNS.
Q 2Does it include live lab access?
This offering is listed as recorded training with instructor demonstrations. Confirm any separate lab option before enrollment.
Q 3Which product version is used?
The concepts follow current BIG-IP Advanced WAF operations. Version-specific screens and behavior are checked against the official reference set for the active course release.
Protect applications without guessing.
Learn a repeatable workflow for policy design, tuning and investigation.