/f5-app-sec

:sunglasses: Succeeding with application security

Primary LanguagePHPMIT LicenseMIT

  f5-app-sec

Build Status Releases Commits Maintenance Issues License Slack Status

  

Table of Contents

  

Description

The container in this repository is a collection of policies, guides, scripts and audit tools to help you succeed with application security.

Based on the following article: https://support.f5.com/csp/article/K07359270

  

Installation

Stats

To gather the configuration and stats from an F5 BIG-IP (which you have management access to), run:

docker run -it --rm -v /path/to/local/folder:/home/user/ artioml/f5-app-sec gather_stats

This will create a file named BIG-Stats.zip in the local directory you mounted into the container (/path/to/local/folder).

Run

To start the actual web app, run:

docker run -dit --rm -p 443:8443 artioml/f5-app-sec

Good WAF Security, Getting started with ASM:
https://clouddocs.f5.com/training/community/waf/html/class3/class3.html

Elevating ASM Protection:
https://clouddocs.f5.com/training/community/waf/html/class4/class4.html

High and Maximum Security:
https://clouddocs.f5.com/training/community/waf/html/class5/class5.html

WAF Programmability:
https://clouddocs.f5.com/training/community/waf/html/class6/class6.html

  • F5 Hardening script

  • ASM Policies Audit Tool

  • ASM YouTube Videos

  • ASM Word Doc to RtD

  • Upload actual ASM policies for each level

  • WAF Questionnaire

  • ASM Operations Guide

  • 2018 Application Protection Report

  • F5 University ASM training (for Partners)

  • Super-NetOps (Class3?)