F5 ASM ReCertified Technology Specialist

I don’t know if you have realised I’m writing a lot about F5 ASM lately. The aim of these last posts is studying for the recertification exam. I took the 303 – BIG-IP ASM Specialist exam last week which I passed successfully. I'm glad to say I've learnt a lot studying for this exam. Today, I’m going to write an overview with all the things I have been reading, writing and testing about F5 ASM such as labs, KB, Youtube videos and exams.

You will have already seen my last posts where I’ve written about some labs I’ve recorded. For instance, I wanted to know how Compact Mode works, and I recorded a video. I’ve also recorded labs about Bot Defense, Fundamental Security Policy and blocking some attacks such as XSS attack. In addition, I wrote about F5 Advanced WAF and BIG-IP ASM, which is a question most customers ask me.

You will have also read posts about Good Protection, Elevated Protection, High Protection and Maximum Protection. I think these are three interesting posts which help us to start small, but most of all, start. We should start with Good Protection where a Rapid Deployment Policy with IP Intelligence and Threat Campaign are enough for a good security level. However, If you want to improve the security level, the maximum protection will help you with Data Guard, DAST integration and advanced security features.

Understanding how to build web application security policies with entities is also very important to pass the ASM specialist exam. Firstly, we have to know what is an entity. File types, URLs, Parameters, Cookies and Redirection domains are the entities we are going to protect. Finally, we are going to use a learning strategy to learn these entities. We can choose learning with Always (Add All Entities), Selective, Never (Wildcard Only) or the new learning setting of Compact Mode.

Reading the BIG-IP ASM operation guide is mandatory to pass the exam. There are 9 chapters that you should read. You will learn from the benefits of WAF protection to how to collect BIG-IP ASM data for troubleshooting. Although I had already read it two years ago, I’ve read it again to remember concepts and tips. In addition to know how ASM works, it’s also important to know how BIG-IP works. For instance, we should know how data and control plane tasks use separate logical cores when the BIG-IP system CPU uses the HTSplit feature.

Finally, what is also really useful are the Youtube videos of F5 Networks WW Field Enablement channel where there is a playlist with more than 40 videos of ASM and Advanced WAF. What’s more, you can take practice exams from Exam Studio where they contain the same number of items, time constraints, and difficulty and simulate the proctored, production exam experience.

Thanks and luck!