In this 2-day hands-on course, students will learn:
• How to initially implement and configure SecureSphere for an on-premises Web Application Firewall including
ThreatRadar subscription services.
• How to evaluate the configuration of the Web Application Firewall to ensure it is monitoring protected assets you have
• How to implement detection and protection controls using Policies and Followed Actions.
• How to configure Web Profiling.
• How to analyze Violations and Alerts.
• How to perform best practice tuning tasks.
• How to configure Active Blocking and error pages.
• How to integrate external web scanner data with SecureSphere and manage identified vulnerabilities.
• How and why to configure SecureSphere Web Gateway to work in a Reverse Proxy deployment mode.
Lesson 1: Web Application Security Admin Setup
• Configure users, roles and permissions for the SecureSphere Web Application Firewall.
• Create additional SecureSphere users with local or external authentication, as needed.
Lesson 2: Verifying the Initial Configuration
• Verify and configure all Web assets for protection by SecureSphere.
• Configure the details of a Web Service object and associated application object in a manner which accurately represents
an organization’s deployment of a specific web application.
• Verify network traffic from Load Balancers and Proxies will be handled correctly.
• Install SSL keys for the Web applications to be protected.
• Prevent potential compliance issues by configuring Data Masking to prevent sensitive information from being captured
• Customize the SecureSphere default error page.
Lesson 3: Web Application Level Preparations
• Create additional Web Application Sites Tree objects, as needed.
• Map an application object by host header and prioritize the mapping rules.
• Adjust the initial learning thresholds based on the protected applications and Imperva best practice recommendations.
Lesson 4: Web Application Security Policies
• Given different types of Web attacks, configure appropriate policies to defend Web applications.
• Create Action Set policies.
• Assign relevant Action Set policy to specify Security Policy Followed Actions.
• Configure and apply signature policies to defend Web applications from attacks with easily recognizable signatures.
• Disable a signature from a signature dictionary.
• Configure and apply protocol policies to defend Web applications from protocol att
Lesson 5: Web Application Profiling
• Describe the components of the Web Application Profile.
• Explain how the Web Application Profile learns and protects Web applications.
• View a summary of all the profiles and statistics about them.
• Define and explain how application activity is mapped to the profile with application mapping.
• Identify common Web application components used in the learning process.
• View and edit a profile URL’s HTTP methods and URL parameters.
• Display a profile’s list of URL patterns defined for the application, learned cookies and their statuses, a list of the
application’s login action URLs, a list of the hosts on which the application’s URLs are located and susceptible
• Monitor the Web profile as it is being built during the learning period.
• Switch a URL from learning mode to protect mode.
• Lock a URL or a URL directory.
• Define and explain how Web application user tracking operates.
• Specify the authentication method to be used for a Web service.
• View, add and edit Action URLs.
• Define a Web Application User Tracking Decision Rule.
• Create a Set of Decision Rules for an Action URL.
• Explain how to select Web Profile Policy rules for the protected Web application.
• Configure appropriate reports to help administrators analyze profiles and profile learning.
• Display graphical representations of profile information.
Lesson 6: ThreatRadar Threat Intelligence
• Identify and configure appropriate ThreatRadar feeds to help secure web applications.
• Configure and use ThreatRadar Reputation Service to identify potentially malicious client activity.
• Protect Applications from Anonymous Proxies, Comment Spam IPs, Malicious IPs, Phishing URLs, and TOR IPs.
• Identify when to use and how to configure ThreatRadar Reputation Services.
• Identify when to use and how to configure ThreatRadar Bot Protection.
• Identify when to use and how to configure Community Defense.
• Identify environments that may benefit from ThreatRadar Fraud Prevention Services.
• Use IP Forensics to investigate and analyze the source of traffic for SecureSphere alerts.
• Enable and disable ThreatRadar services globally.
• Restrict Access by Country using IP Geo Location.
• Mask data in feeds sent to Community Defense.
Lesson 7: Alerts, Violations and Monitoring
• Monitor alerts using the dashboard view.
• Identify Gateways managed by SecureSphere.
• Review the state of Gateways and server groups.
• Analyze traffic, CPU load, and hits.
• Analyze the latest alerts and system events.
• Apply a filter to view alerts generated in a specific date range.
• Identify false positive and attack events.
• Identify tuning opportunities.
• Determine alert severity, action taken in response to the event, and whether the alert information has been aggregated.
• Apply basic, quick, and advanced filters to Alerts and Violations.
• Configure appropriate reports for analysis of Alerts and Violations.
• Configure appropriate reports to identify tuning opportunities.
• Correct false positive events with the “Add as Exception” and “add to profile” buttons.
• Flag Alerts to support an event review workflow.
Lesson 8: SecureSphere Web Application Firewall Tuning
• Tune SecureSphere to minimize false positives, streamline profiles, improve policies and reduce non-essential alerts.
• Explain the impact and trade-offs of the “add to profile” button.
• Explain the impact and trade-offs of Parameter prefixes and URL prefixes.
• Identify impacts of modifying predefined, automatically applied Policies.
• Create custom policies to minimize the impact of modifying the predefined, automatically applied Policies.
• Reduce the number of alerts in SecureSphere by preventing the display of false positives and making changes to noisy
• Improve performance of SecureSphere by removing redundant policies and controlling the size and number of profiles.
• Confirm the correct SSL keys have been imported and the encryption ciphers used by the servers.
• Exclude trusted vulnerability scanners from WAF inspection.
• Identify profiling anomalies.
• Determine if a separate web application should be created.
• Determine if web profile plug-ins are needed and configure them.
• Build a report to show how many alerts of each type have occurred.
• Use this report to direct your alert review and give you an agenda for alert tuning.
• Restrict application object monitoring to specific URLs and directories.
Lesson 9: Active Blocking
• Configure SecureSphere to enforce the tuned configuration.
• Move SecureSphere from Simulation to Active Blocking mode.
• Test that blocking is occurring with simulated attack patterns.
• Verify the error page is working and is displaying a non-default error page.
• Define custom error pages and error page policies.
• Configure additional Web Error Page Groups as needed.
• Monitor suspicious Users/IPs/Sessions and apply extended blocking with Action Sets and Followed Actions.
Lesson 10: Web Scanner Integration
• Integrate external web scanner data with SecureSphere and manage identified vulnerabilities.
• Conduct a web server scan.
• Prepare results from the vulnerability scan for import into SecureSphere.
• Import the scanner file.
• Configure a scanner integration policy.
• Apply the policy to the target server where the scan results originated.
• View the results of the Scanner Integration in the Vulnerability Workbench.
• Mitigate vulnerabilities discovered.
Lesson 11: Configuring Reverse Proxies
• Select the appropriate reverse proxy mode based on deployment requirements for URL rewriting, cookie signing, SSL
termination, and/or response rewriting.
• Configure Reverse Proxy mode settings.
• Create and configure default and custom web error pages for use in security policies.
• Configure URL rewrite and redirection rules.
• Configure SecureSphere to work with SSL Client Certificates.
Before taking this course, you should have already completed SecureSphere System Administration training.
In addition, make sure you have the following skills:
• General understanding of application layer security concepts, application layer Web, and/or database protocols.
• Experience implementing or managing data center security or database applications.
Founded in 2008 to meet the growing demand for training, inLearn has evolved from a company focused only on meeting one-off needs into an education outsourcing arm that is strategic for IT distributors and integrators, while also seeking to offer educational solutions in a range of areas of corporate interest.
Throughout our history we have trained more than 10,000 students, not only in our own classrooms but also at our customers' or partners' facilities, with coverage across Latin America.