303 – BIG-IP ASM Specialist
For engineers preparing for the F5 303 certification exam
Understand how F5 ASM (Advanced WAF) behaves under real application traffic with full OWASP understanding.
Understand how to design, configure, tune, and safely enforce BIG-IP ASM security policies to 303 exam-level requirements from initial deployment through to learning mode, policy refinement, and blocking enforcement using all relevant security features and OWASP requirements.
Join Wait List for early access list
Enrolment opens: February 1st 2026
Full course access: February 28th 2026
Pricing €499 > Full Course
Created by: Graham Mattingley (15+ years F5 consultant - banking, aviation, government & F5 instructor)
Last Updated: Jan 30, 2026
Course Overview
In this course, you are provided with a structured understanding of how to design, deploy, tune, and safely enforce BIG-IP Application Security Manager (ASM) policies in alignment with the 303 certification blueprint. The course includes video training, policy configuration walkthroughs, attack analysis, and practical enforcement scenarios covering policy building methods, learning-mode behaviour, signature staging, false-positive investigation, parameter enforcement, bot mitigation, brute-force protection, and DDoS and OWASP-based attack mitigation.
You will develop the structured security methodology required to analyse application traffic, interpret ASM logs and violations, refine policies safely, and transition from transparent mode to blocking mode with confidence. Completing this course will give you the confidence to communicate requirements to development teams. This course aligns with the official F5 303 BIG-IP ASM Specialist certification exam blueprint.
What's Included
- Instructor-led, self-paced video training covering ASM architecture, security policy design, and structured policy tuning methodology
- Policy configuration and violation analysis using the F5 GUI and TMSH
- Step-by-step walkthroughs covering policy building methods, learning mode behaviour, signature staging, parameter enforcement, and blocking strategies
- Attack analysis demonstrations aligned with ALL OWASP categories, including injection, XSS, CSRF, brute-force, and bot-related scenarios. Demonstrated with the Visual Studio Code debugger to see the real impact on the application
- Scenario-based enforcement and tuning exercises with multiple-choice tests to assess 303 exam readiness
- Private course community access for technical discussion and 303 exam support
Join the 303 Wait List - Free Updates Until April 2026
Receive weekly build updates, preview content, and early access notifications.
What You Will Be Able To Do?
Many engineers can deploy an ASM policy.
Fewer can confidently tune, enforce, and troubleshoot it under real application traffic without breaking production. This course builds that structured security enforcement capability.
After completing this course, you'll be able to:
✅ Analyse application traffic through ASM end-to-end - Understand how requests are processed, inspected, and evaluated against policy
✅ Isolate root causes methodically - Investigate violations, determine whether behaviour is malicious or legitimate, and apply structured tuning decisions
✅ Diagnose and resolve false positives - Identify application changes, policy misconfigurations, signature staging issues, parameter issues, and enforcement conflicts without disabling protection. We show you the correct steps to mitigate a false positive safely while maintaining security - no more panic fixes
✅ Design safe enforcement strategies - Transition policies from learning to blocking mode with confidence and risk awareness. Learn what initial information is required to build the initial policy
✅ Interpret logs and violation details confidently - Use the F5 GUI, logs, and reporting tools to validate security behaviour
✅ Mitigate OWASP-based attacks effectively - Understand how ASM protects against injection, XSS, brute force, bots, and protocol abuse, with full demonstrations
✅ Communicate security decisions clearly - Explain enforcement actions, risk posture, and remediation steps to developers, security teams, application owners and stakeholders
You will leave this course with the confidence to tune and enforce ASM policies safely, reduce risk exposure, and operate Advanced WAF with authority in production environments.
Course Curriculum
▶️Section 1 – Architecture/Design and Policy Creation
11 Sub-Modules | 55 Lessons
- Sub-Modules and Lessons aligned to 303 blueprint objectives
- Common web application attack categories and OWASP Top Ten
- Transparent vs Blocking mode behaviour and enforcement impact
- Security policy deployment models (Rapid, Fundamental, Comprehensive)
- Automatic Policy Builder lifecycle and learning phases
- Policy structure design (URLs, parameters, file types, cookies, domains, headers, sessions)
- CSRF protection, DataGuard, anomaly detection, proactive bot defence
- Mapping traffic to policies using LTM policies and iRules
- Logging configuration and remote logging options, SIEM, Splunk
- Attack signature lifecycle management (staging, enforcement readiness, update)
- Policy granularity decisions and trade-offs (security vs performance)
▶️Section 2 – Policy Maintenance and Optimisation
10 Sub-Modules | 45 Lessons
- Policy tuning methodology and structured refinement in line with corporate security requirements
- Evaluating policy changes/application changes for security and application impact
- Learning suggestions review and staging decisions, observation periods, ERP
- Signature staging vs enforcement management, signature update and management recommendations, and best practices
- Handling parameter enforcement requirements, PD, QS, JSON, XML
- Managing file types, cookies, URLs, parameters, and header validation
- Integrating vulnerability scanner output
- Policy import, export, merge, revert, and version awareness
- Wildcard optimisation and performance tuning considerations
- Balancing security posture, usability, and operational risk, and communicating posture to application teams
▶️Section 3 – Test and Troubleshoot
10 Sub-Modules | 45 Lessons
- Interpreting security event logs and violation context to ensure policies are effective
- Understanding violation rating and attack types in relation to policy settings and policy building risks/trade-offs
- Distinguishing false positives from real attacks for policy tuning
- Generating reports and analysing violation trends
- Traffic learning versus attack learning behaviour, monitoring of learning, and disabling learning suggestions
- Correlating attack signatures with observed traffic
- Creating and applying user-defined attack signatures
- Blocking strategy adjustments and mitigation selection
- Validating mitigation effectiveness safely
- Long-term reporting and operational visibility strategy and communication with application teams
▶️Section 4 – Troubleshoot
8 Sub-Modules | 35 Lessons
- Diagnosing policy performance impact, performance improvement options
- Investigating why traffic is not triggering expected violations, False Negative
- Investigating why legitimate traffic is being blocked, False Positive
- Learning vs blocking mode, loosening, tightening, final tuning and blocking
- Analysing performance graphs and system metrics
- Correlating policy history with system behaviour
- Debugging policy wildcard object evaluation order for entity configuration
- Understanding ASM-specific user roles and access control impact
Private Community Included with the Course
Share a private community with other members of this course.
Course community membership is permanent.
✅ Ask questions and get practical advice from other course members on the same learning journey.
✅ Share real-world scenarios, problems, and solutions.
Want Personalised Support?
Add a 1:1 Strategy Session
Get a private hour with Graham to:
✅ Review your specific ASM/WAF study and knowledge gaps
✅ Review specific areas of the blueprint that are blockers.
✅ Live question sessions to test exam readiness
Additional Costs: €100
16 Hours of Video Lessons
Presentations, F5 GUI and CLI demonstrations, real-world ASM Virtual deployment scenarios, profile configuration walkthroughs, traffic flow analysis, and architectural design examples aligned to the 303 blueprint.
Labs with GUI, CLI, PowerShell, Visual Studio and Postman
Architectural presentations, F5 GUI and TMSH demonstrations, real-world deployment scenarios, profile implementation walkthroughs, traffic flow validation, and high availability configuration exercises aligned to the 303 blueprint.
Lesson Knowledge Checks
Targeted knowledge assessments after each module to reinforce key concepts and ensure you are progressing toward 303 exam readiness. The questions will also include production-level Q&A.
Course FAQs
Is this a certification prep course?
Will this course teach me how to work with developers and application teams?
Do I need prior BIG-IP certification?
What if I struggle with OWASP, HTTP, or application fundamentals?
Is this the most advanced ASM course you offer?
Instructor
Graham Mattingley
F5 Instructor
F5-certified expert with 30+ years in application development and 15 years specialising in F5 technologies. I've deployed and secured F5 solutions for banking, aviation, and government systems across Europe. I'm also an app developer and OWASP member, so I teach security from both sides: how apps work and how to protect them.
I don't teach exam shortcuts. I teach real-world security, how ASM actually behaves under production traffic, how to tune policies without breaking applications, and how to make confident decisions when it's 2 AM and something's on fire.
This is the operational knowledge I wish I'd had 15 years ago, distilled from production deployments you won't find in official training materials.
How this course is delivered
- Instructor-led, structured video lessons aligned directly to the 303 blueprint
- Step-by-step policy configuration and tuning walkthroughs using the F5 GUI and TMSH
- Guided attack analysis demonstrations showing real violation interpretation and safe policy refinement
- Structured enforcement methodology — moving from learning mode to blocking mode with risk awareness
- Scenario-based decision-making exercises to build security judgment, not just configuration familiarity
- Communication-focused breakdowns explaining how to present findings to developers, security teams, and application owners
- Self-paced access, allowing you to study around professional commitments
- Real-world enforcement scenarios drawn from enterprise ASM deployments
Prerequisites & Requirements
- A valid F5 201 – TMOS Administration certification (required before sitting the 303 exam)
- Basic familiarity with BIG-IP LTM and traffic flow concepts
- Solid understanding of HTTP and HTTPS request/response behaviour
- Foundational awareness of common web application attack types (e.g., OWASP Top 10 categories)
- Basic familiarity with HTML, API, JSON, XML
- Access to a BIG-IP lab environment is recommended for hands-on policy tuning and enforcement practice. However, the course provides lifetime access, so you can revisit all demonstrations and reinforce your learning whenever needed.
If you feel less confident with HTTP fundamentals or OWASP concepts, an optional foundation mini-course is available to strengthen your understanding before progressing through the full ASM curriculum.
What happens next?
- Join the waiting list to be notified when enrolment opens
- Receive weekly, blueprint-aligned ASM/OWASP troubleshooting scenarios and diagnostic insights while the course is in development
- Get early access and priority enrolment before the public launch