Рет қаралды 1,320
The purpose of this demo is to show how to stabilize a BIG-IP Advanced WAF security policy. The stabilization process encompasses both the learning, and staging process. While entities (such as file types, URLs, and parameters) are still in staging (not enforced), the security policy is not yet stabilized. In this demo we will:
1. Show an existing BIG-IP Advanced WAF security policy with no entities.
2. Generate traffic to the web application and show BIG-IP Advanced WAF learning the file types, URLs, and parameters for the web application. All entities will still in staging.
3. Simulate a large amount of user requests to the web application over a period of time and show how BIG-IP Advanced WAF automatically configures entity attributes and entity enforcement.
4. Continue this process until the security policy is stabilized, meaning that all entities are out of staging and enforced.
5. Test the security policy by attempting malicious requests that violate enforced parameter attributes.