Achieve OWASP Compliance Through BIG-IP AWAF

The BIG-IP system provides an OWASP Compliance Dashboard, which displays a list of AWAF policies and their respective OWASP Top ten compliance scores. It provides an interactive dashboard that measures your compliance with the OWASP Application Security Top ten. The Top ten are then broken down into security protections that may be turned on, off, or ignored from the dashboard. You will build a fully compliant AWAF policy from scratch in this lab to cover the OWASP top ten for 2021. 

1. Give the user an overview of the OWASP Compliance dashboard within Big-IP
2. Walk the user through creating a security policy that protects against the Top 10 application security risks 

1 x Windows Jump host (Win Server 2012 R2) with vscode installed

1 x CICD and Docker (NGINX API gw, Dev Portal) (Ubuntu 18.04)

1 x BIG-IP v 17.0.1

1 x GitLab CE server (Ubuntu 18.04)

1 x Vyos Router (Ubuntu 18.04)