Scribd
Upload
52 views

Akamai Web Application and Api Protection

Uploaded by

ShijuMathew
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
52 views

Akamai Web Application and Api Protection

Uploaded by

ShijuMathew
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

AKAMAI WEB APPLICATION

AND API PROTECTION

Course Overview and Agenda

March 2023
2

Course Overview

The Akamai Web Application and API Protection is a comprehensive course that focuses on
configuring and maintaining App & API Protector (AAP) with Advanced Security Management
(ASM) using the new Adaptive Security Engine. The course starts with setting up a basic
configuration utilizing default best practices. It describes the concepts involved in analyzing
and tuning the configuration to maintain it. The participants learn how to protect both APIs
and web applications. They are also taught how to detect bots and apply actions to those that
pose an immediate threat with the new Bot Visibility & Mitigation (BVM) feature.

The topics presented introduce theoretical knowledge complemented with a suitable


hands-on component (eg: a group activity or a lab). The course also outlines common use
cases for enhanced user experience.

Objectives

At the end of this course, participants will be able to:

● Describe the basics of the Akamai Intelligent Edge Platform.


● Explain the Threat Landscape as it applies to Web Application Security.
● Describe the features of the Application & API Protection products.
● Configure and activate AAP.
● Test the AAP configuration for APIs and web applications.
● Analyze the behavior of the configuration using reporting and alerting tools.
● Tune AAP in accordance with the results of the analysis.
● Discover the DevOps capabilities using our Security APIs.

This copy is for Akamai University Participant benefit, not for distribution, sale or reproduction.
3

Agenda

The Akamai Web Application and API Protection course curriculum can be delivered either as:

● CLASSROOM TRAINING: 2 day (8 hours)


● ONLINE TRAINING: 3 days (4,5 hours each)

The agenda for this training is listed below.

This copy is for Akamai University Participant benefit, not for distribution, sale or reproduction.
4

Duration (min) Module Name & Description

MODULE 1: INTRODUCTION
30 This module is an introduction to Akamai, the Cloud Security Solutions portfolio, and the
Akamai Control Center.

MODULE 2: THREAT LANDSCAPE AND WEB APPLICATION SECURITY


30 This module will cover the basics of Web Application Security, such as OWASP, common
attack trends, and how bots are designed, developed and used to attack web applications.

MODULE 3: SITE DELIVERY COMPONENTS


This module will describe the components used in basic site delivery like Site Shield, Site
Failover, Compliance Management, etc. and how they can be edited to optimize the
60 configuration and provide elements of security within the delivery configuration.
LAB: CREATING A DELIVERY CONFIGURATION
LAB: OPTIMIZING A DELIVERY CONFIGURATION

MODULE 4: INTRODUCING AAP-ASM

This module will introduce the new App & API Protector (AAP) with Advanced Security
30
Management using the new Adaptive Security Engine, discuss the differences between
AAP-ASM and Kona Site Defender or Web Application Protector, and how to upgrade into
AAP-ASM from an existing product.

MODULE 5: SECURITY CONFIGURATION


This module discusses the new features of the App & API Protector (AAP) with Advanced
Security Management, and how to configure the various components such as Selected Hosts
150 and Match Targets, Rate Controls, Application Layer Controls, Network Layer Controls, and
Slow POST protection.
LAB: SETTING UP A SECURITY CONFIGURATION

MODULE 6: PROTECTING API TRAFFIC


60 This module focuses on the details of API protection and how to set up a configuration for the
protection of APIs.

MODULE 7: CLIENT REPUTATION


This module focuses on what Client Reputation is and how it fits into Akamai’s layered
30 defense concept.
LAB: CLIENT REPUTATION

This copy is for Akamai University Participant benefit, not for distribution, sale or reproduction.
5

MODULE 8: MALWARE PROTECTION


20 This module covers the basics of Malware Protection, including overview, configuration, and
troubleshooting

MODULE 9: REPORTING AND ALERTING

This module demonstrates how to identify and utilize the different reports used in analyzing
Network Lists, DOS Protections, Rate Controls, Slow POST protection, ASE rules, and
60 Patternbased bots. The Security Dashboard, Security Center, and Web Security Analytics will
be highlighted. The module concludes with best practices around setting up notifications
within the Security Center.

LAB: SETTING UP WSA ALERTS IN SECURITY CENTER

MODULE 10: TUNING AND MOVING INTO DENY

90 This module delves into how and when to set rules for the Adaptive Security Engine within
AAP-ASM into Deny mode.

LAB: TUNING WEB APPLICATION FIREWALL

MODULE 11: DEVOPS + SECURITY (DEVSECOPS)


This module explores in detail the use of DevSecOps philosophies to automate security tasks
30 using APIs as well as the security functionality available via Akamai APIs. This module also
explores configuring reporting options for the SIEM integrations.
LAB: USING THE APPSEC API

MODULE 12: SUMMARY


30
LAB: TESTING YOUR CHANGES

60 Survey, Quiz & Certification

This copy is for Akamai University Participant benefit, not for distribution, sale or reproduction.
6

This copy is for Akamai University Participant benefit, not for distribution, sale or reproduction.

You might also like