Citrix ADC Advanced Topics - Secure Web Applications

NetsScaler AppFirewall protects web apps and sites from known and unknown attacks. This three-day course will teach you how to address application services security requirements with AppFirewall.

After studying AppFirewall, you’ll learn about many different types of web attacks and vulnerabilities, such as SQL injection and cookie tampering, and how to protect against them. The course also covers policies, profiles and expressions; monitoring, management and reporting; and troubleshooting techniques. Highlighted features include the Adaptive Learning Engine and NetScaler Secure Insight. This advanced course is designed for IT professionals with previous NetScaler experience.

Is this course for you?

Designed for students with previous NetScaler experience, this course is best suited for individuals who will be deploying and/or managing Citrix NetScaler Application Firewall (AppFirewall) in Citrix NetScaler environments.

Recommended prerequisite courses:

CNS-102 NetScaler Overview

AND

CNS-220 Citrix ADC 12.x Essentials and Traffic Management

OR

CNS-222 Citrix ADC 12.x Essentials and Citrix Gateway

​Citrix also recommends an understanding of the following concepts and technologies:

  • The functionalities and capabilities of Citrix NetScaler
  • Basic NetScaler network architecture
  • Obtaining, installing, and managing NetScaler licenses
  • Use of NetScaler traffic management features
  • Basic Networking
  • Windows and Linux Server administration
  • Web Services
  • SSL encryption and certificates
  • Common web services attacks and use of 3rd party tools

Upon successful completion of this course, students will be able to:

  • Identify common web attacks and vulnerabilities
  • Write PERL compatible regular expressions
  • Understand how to utilize the adaptive learning engine
  • Configure AppFirewall to protect web applications
  • Utilize NetScaler Secure Insight to Monitor, Manage and report on Application Services security
  • Troubleshoot AppFirewall

Program:

Module 1: AppFirewall Overview

  • AppFirewall solution Security Model
  • Common Attacks Overview
  • PCI-DSS Compliance

Module 2: AppFirewall Policies and Profiles

  • Profiles
  • Policies
  • Engine Settings
  • AppFirewall Learning

Module 3: Regular Expressions

  • Forms of Regular Expressions
  • Using Regular Expressions
  • Meta/Literal Characters
  • PCRE
  • RegEx Tools
  • Regular Expression Scope

Module 4: Attacks and Protections

  • Data Flow with AppFirewall
  • Security Checks
  • AppFirewall Actions
  • Adaptive Learning
  • Signatures
  • Cookie Protection
  • Advanced Form Protection Checks
  • URL Protections

Module 5: AppFirewall Monitoring and Troubleshooting

  • AppFirewall and Web Applications
  • Logging and Reporting
  • Customizing Errors
  • Troubleshooting
  • NetScaler Security Insight

Module 6: Security and Filtering

  • IP Reputation
  • Rate Limiting
  • AppQoE
  • HTTP Callout

As part of this course, students will receive the following materials:

  • Access to a lab environment for the duration of the course
  • Lab exercise guide
  • Access to final course deliverables once the course is available in general availability including copies of all official materials presented by the instructor with additional notes and references as well as videos with experts throughout Citrix around course topics and lab exercises

The Teacher is Bjarne Træholt