DevSecOps - Advanced WAF in a CI/CD Workflow

This lab covers the following topics:

  • Shifting WAF policies left, closer to Dev
  • Declarative Advanced WAF

Lab Goals:

  • Describe the main DevSecOps concepts and how they translate into an actual environment
  • Describe the various roles in a DevSecOps workflow (SecOps, Dev, DevOps)
  • Describe the workflow with F5 Application Security integrated into the pipeline

Roles in the Lab:

  • SecOps - Represents an application security engineer
  • Dave - Represents a guy from the application / end-to-end team, responsible for the app and infrastructure code required to build the app
  • DevOps / Automation / SRE - aren’t represented in the lab. Their role is to build the tools we utilize in this lab (the automation pipeline of infrastructure and application security)

OUT OF SCOPE:

  • The “how-to” and the mechanics of the automation components
  • Please refer to the F5 Super-NetOps Training for the above

Expected time to complete: 1 hour

To continue, please review the information about the Lab Environment.