Community Training Classes & Labs > F5 Programmability Training Index

Class 3: Introduction to SecDevOps

This hands-on lab will demonstrate how to secure applications programmatically using a BIG-IP’s iControl based REST API.

Leveraging programmability to deploy security policies and/or adhere to best practices during an application’s lifecycle reduces the operational (e.g. time and money) cost of a defense in depth strategy. Programmatic workflows can be developed and deployed for specific security use cases, and integrated into the SDLC process, allowing for the protection of an application to iterate in parallel with the development of the application.

This course will feature the following topics.

  • General interaction with tmm via BIG-IPs REST APIs
  • Create, modify and assign an AFM policy
  • Create, modify and assign an ASM policy

Lab Guide

This lab is divided into three parts. Each section of the lab, will require configuration of the BIG-IP, AFM, or ASM using the iControl REST based API. It is recommended that each lab be executed in order.

To perform the steps required in the lab, Postman will be used from the Windows jump box.

Prior to beginning the exercises, it is recommended to review the Lab Topology.

  1. Lab 1: Configuring BIG-IP
  2. Lab 2: Configuring AFM (Advanced Firewall Module)
  3. Lab 3: Configuring ASM (Application Security Module)


Bugs and enhancements can be made by opening an issue within the GitHub repository.

Getting Started

Please follow the instructions provided by the instructor to start your lab and access your jump host.


All work for this lab will be performed exclusively from the Windows jumphost. No software installation or interaction with your local system is required.