WAF for Dev-Ops

Web Application Firewall course for Developers and IT Operations Professionals

Course Overview

Web applications have emerged and changed the way we do business, and how we access and share information. The increased use of web applications has enticed hackers looking for weaknesses to exploit. These exploits primarily target the application layer and they are not detected with sufficient accuracy by traditional IT security solutions. Historical applications such as network firewalls and intrusion detection or prevention systems were not built for the level of sophistication now employed by malicious hackers. Network exploits can turn into serious security breaches, loss of confidential information, damage to reputation, and interruption of business processes. Web Application Firewalls (or WAFs) were developed to solve or mitigate security concerns in this area.
This course will give participants an overview of the most critical web application flaws and identify which areas of a web app can be protected by a WAF. The course will provide participants with the necessary understanding to select, implement and manage a WAF. The course will enable participants answer the following questions:
> Do you need a Web Application Firewall (or WAF)?
> What type of WAF meets your organization’s security objectives and requirements?
> How will a WAF affect your existing services?
> What additional WAF services would be valuable to your organization?

Course Prerequisites

Students should have a basic comprehension of the following:
> OSI Layers
> Common application-level protocols and services such as HTTP
> Modern cryptographic methods such as Encryption and Hashing.
These prerequisites are covered in TeachWOT’s Network Fundamentals – Core course. It is recommended that this course is completed prior to undertaking WAF for DevOps.
It would also be advantageous to have knowledge and experience with HTML, JavaScript and a Server-side scripting language such as PHP.

Course Audience

This course is intended for Web Developers, IT Operations Engineers, System Administrators, Security Engineers and Researchers.


This is a self–paced online course. Each Module contains a series of slides with audio to assist with learning. Participants have access to complete the course during the period of registration which is 90 days from purchase.

Course Outcomes

Course participants will gain a detailed knowledge of WAFs, their applications, uses and best fit for different network configurations and needs.

Upon, completion, participants will have an understanding of:
> The ever-increasing threats to Web Applications
> The difference between a WAF and a traditional IT security solution such as a network firewall
> The use of WAF to prevent application bugs from turning into security breaches
> Devastating attacks such as Zero-Day exploits and DDoS
> Payment Card Industry Data Security Standard (PCI DSS) Requirement 6.6
> An overview of the OWASP Top Ten
> Different form factors where a WAF service can be delivered
> Architectural considerations related in the placement of a WAF
> Different WAF operating modes
> WAF features that extends beyond their protective nature
> The increased complexity of IT infrastructures due to the use of WAF
> Positive and negative security models
> The most popular open-source WAFs
> Financial considerations in using a WAF



Register for this course