F5 Advanced WAF

Build, tune and operate application-security policies that protect modern web applications and APIs without breaking legitimate traffic.

17 Modules34 HoursRecorded + DemosOperations Focus

Who Is This For

  • F5 LTM engineers moving into application security
  • WAF, application-security and network-security engineers
  • SOC analysts who investigate web and API attacks
  • Operations teams responsible for policy tuning and false positives

Prerequisites

  • HTTP, HTTPS, DNS and TLS fundamentals
  • F5 virtual server, pool, profile and traffic-flow basics
  • Awareness of common web application risks

Full Syllabus — 17 Modules

M 1Advanced WAF Architecture and Request Flow
  • BIG-IP data plane, virtual server and application-security policy
  • Where LTM profiles, security controls and logging interact
  • Deployment patterns and trust boundaries
M 2HTTP, Application Context and Attack Surface
  • Methods, headers, cookies, parameters, sessions and content types
  • Application mapping and trust assumptions
  • Safe review of representative malicious requests
M 3Policy Creation and Deployment Modes
  • Policy templates, language, encoding and server technologies
  • Transparent and blocking operation
  • Change control, backups and rollback planning
M 4Learning, Staging and Enforcement Readiness
  • Learning suggestions, confidence and traffic samples
  • Staging new signatures and policy entities
  • Moving controls to enforcement without avoidable outages
M 5URLs, Parameters, File Types and Methods
  • Positive-security modelling and entity relationships
  • Wildcards, explicit entities and policy granularity
  • Content profiles and request constraints
M 6Attack Signatures and OWASP Coverage
  • Signature sets, accuracy, risk and systems
  • Overrides, exceptions, staging and updates
  • Mapping protection to common OWASP risks
M 7Evasion, Protocol and HTTP Compliance
  • Encoding, normalization and parser ambiguity
  • HTTP compliance checks and malformed requests
  • Avoiding policy gaps caused by inconsistent interpretation
M 8Cookies, Sessions and Login Protection
  • Cookie security, session awareness and login pages
  • Brute-force and credential attack controls
  • Authentication intelligence and anomaly review
M 9Bot and Automated Traffic Defence
  • Bot classification, signatures and browser verification
  • Good bots, unknown automation and malicious bots
  • Choosing mitigation with user-experience impact in mind
M 10DoS and Behavioral Protection
  • Application DoS profiles, baselines and stress indicators
  • TPS, latency and heavy URL considerations
  • Mitigation, logging and operational escalation
M 11API and JSON/XML Security
  • JSON and XML profiles, schema concepts and content enforcement
  • API endpoints, methods, parameters and authentication context
  • Policy strategies for modern API traffic
M 12Data Protection and Response Controls
  • Sensitive data patterns and response inspection
  • Information leakage, masking and logging decisions
  • Balancing visibility with privacy requirements
M 13Threat Campaigns, IP Intelligence and Geolocation
  • Reputation, threat campaigns and contextual signals
  • IP and geographic controls with exception handling
  • Layered policy decisions and operational risk
M 14Logging, Analytics and SIEM Integration
  • Request logging profiles and event detail
  • Local reports, remote logging and SIEM fields
  • Building evidence for investigation and tuning
M 15False Positives and Systematic Policy Tuning
  • Reproduce, isolate, explain and safely remediate
  • Exceptions, signature overrides and entity refinement
  • Testing changes and documenting residual risk
M 16High Availability, Performance and Operations
  • Configuration sync, failover and policy consistency
  • Capacity, resource use and performance trade-offs
  • Upgrades, signature lifecycle and operational runbooks
M 17Troubleshooting and Capstone Review
  • Request-flow troubleshooting from client to pool member
  • Policy behavior, logs, packet evidence and configuration review
  • Design and tune protection for a sample application

Guided Demonstrations

🧭

Request Flow

Trace a request through virtual server, profiles, WAF policy and pool.

🛡️

Policy Build

Create a policy, review learning suggestions and stage enforcement.

🔧

False Positive

Reproduce, analyze and tune an issue without disabling broad protection.

📊

Investigation

Use request logs and analytics to explain an event and recommend action.

What You Get

  • 34 hours of structured recorded instruction and demonstrations
  • Policy-build and troubleshooting checklists
  • Application-security architecture and request-flow guidance
  • Scenario-based operations and interview questions
  • Techclick course completion certificate according to course requirements

Official Reference Set

The course uses current F5 product documentation as the source of truth for feature behavior and version-specific interfaces.

FAQ

Q 1Is this the same as the F5 LTM course?

No. This course concentrates on application security. The LTM/GTM/ASM track is broader and includes traffic management and DNS.

Q 2Does it include live lab access?

This offering is listed as recorded training with instructor demonstrations. Confirm any separate lab option before enrollment.

Q 3Which product version is used?

The concepts follow current BIG-IP Advanced WAF operations. Version-specific screens and behavior are checked against the official reference set for the active course release.

Protect applications without guessing.

Learn a repeatable workflow for policy design, tuning and investigation.