F5 Distributed Cloud: Web Application Security & Scanning
Introduction to the Lab
Narrative:
Congratulations! You are a Network Security Engineer at ACME Corp!
You are responsible for securing your company’s public-facing web applications and APIs. A recent web application vulnerability scan uncovered multiple OWASP Top 10 vulnerabilities in a customer-facing application, raising concerns from both the application team and the risk and compliance organization. In response, ACME Corp has mandated that all internet-facing applications and APIs are protected by a Web Application Firewall (WAF) within a short timeframe.
Rather than deploying and managing separate security solutions across on-premises and multiple cloud environments, you decide to evaluate F5 Distributed Cloud. As a SaaS-based platform, F5 Distributed Cloud provides a wide range of security services, such as WAF, Bot Defense, and Malicious User Mitigation, through a unified control plane, enabling rapid deployment and consistent protection across environments.
In this lab, you will apply layered security controls using F5 Distributed Cloud, including WAF Policies, Bot Mitigation, and Malicious User Detection (Labs 1–3) to the Acme AppWorld application.
Given that web application scans can take an unpredictable amount of time (sometimes up to an hour), you will begin by examining a pre-existing Baseline Vulnerability Scan completed before any F5 Distributed Cloud protections were applied. Upon completing Lab 4, you will examine a second pre-generated report, the XC Protected Vulnerability Scan, to validate how F5 Distributed Cloud security services significantly reduced the risk/exposure by mitigating previously identified vulnerabilities. Finally, you will use AI-Assisted Analytics (Lab 5) to validate security events and gain operational insight into how the application is being protected.
This end-to-end workflow highlights how organizations can discover vulnerabilities, deploy protection quickly, and continuously improve security posture using F5 Distributed Cloud.
Lab Environment
The image below represents an overview of the lab environment. F5 Distributed Cloud Services will be configured as a SaaS Edge delivery and security service tier to a publicly hosted web application. The key elements lab attendees will interact with are as follows:
Accessing F5 Distributed Cloud Console
The following tasks will guide you through the initial access requirements for the associated lab environment. Lab attendees should have received an invitation email to the lab environment based on the submitted registration email. Please check email and spam folders if it has not been received. If you have not received an email, please contact a member of the lab team.
F5 Distributed Cloud Console, where this lab will be conducted, is a SaaS control-plane for services that provides a UI and API for managing network, security, and compute services. The F5 Distributed Cloud Console can manage “sites” in existing on-premises data centers and sites in AWS, Azure, and GCP cloud environments.
Course/Lab Invitation
Course/Lab Attendees will receive an email similar to the graphic displayed in this section. The email will come from courses@notify.udf.f5.com. As attendees may be registered for several labs/courses, ensure the correct course is selected. Use either the first or second link position (indicated by arrows) based on the attendee’s F5 UDF (Unified Demo Framework) Account Status.
Accessing UDF (F5 Unified Demo Framework)
The following will guide attendees through the initial Lab environment access within F5 UDF. Following the instructions from the Course/Lab invitation above, attendees will be prompted to log in at https://udf.f5.com.
Note: The steps for new UDF Users or the steps for resetting UDF User account passwords are not shown. Please contact a member of the lab team if further assistance is needed.
Attendees will be prompted to enter their UDF account, password and complete MFA as shown. MFA must be completed by either selecting Send Push or Enter Code.
Note: The MFA process will vary based on the MFA integration selected for the UDF Account. Okta Verify is shown.
Attendees will then be presented with their scheduled course sessions. Locate the course/lab with the appropriate Date, Time and Name and then click Launch.
Once redirected to the selected Course/Lab, click the Join button.
Accessing F5 Distributed Cloud
Following the state change of the Client System to a green arrow (running) icon, attendees will receive a second email. This email will come from no-reply@cloud.f5.com. Click Accept invitation within the email.
Note: This link should be opened in the same browser session used to access UDF for a seamless experience.
Warning: Attendees should not attempt to access the F5 Distributed Cloud tenant prior to receiving the email. Lab permissions may need to be re-applied.
The initial logon prompt will be presented. Click Sign on with Okta to proceed. SSO will process and onboarding to the tenant will proceed.
Next, the Terms of Service and Privacy Policy will display; check the box and then click Accept and Agree. In the following screen, select all persona roles and click Next. This allows attendees to see all the various configurations. Personas can be changed anytime later within the console if desired. In the next screen, click Advanced to expose more menu options and then Get Started to begin. You can change this setting after logging in as well.
Note: Several Guidance ToolTips or Notices may appear. Attendees can safely close these out in order to begin the lab.
Attendees will now be presented with the Home page of the F5 Distributed Cloud Console with all the workspaces, features and services available.
Beginning of Lab: You are now ready to begin the lab. Enjoy! Ask questions as needed.















