Vulnerability Assessment with Application Security

The longer an application remains vulnerable, the more likely it is to be compromised. Protecting web applications is an around-the-clock job. Almost anything that is connected to the Internet is a target these days, and organizations are scrambling to keep their web properties available and secure. The ramifications of a breach or downtime can be severe: brand reputation, the ability to meet regulatory requirements, and revenue are all on the line.  A 2011 survey conducted by Merrill Research on behalf of VeriSign found that 60 percent of respondents rely on their websites for at least 25 percent of their...

Cloud Security With FedRAMP

Want to provide Cloud services to the federal government?  Then you’ll have to adhere to almost 170 security controls under the recently announced Federal Risk and Authorization Management Program.  The program, set to go live in June, is designed to analyze/audit cloud computing providers for federal government agencies, expedite security clearances for cloud providers and foster the adoption of cloud computing by the Federal government.  FedRAMP is meant to provide a baseline for low to moderate risk systems and is based on the NIST cyber-security Special Publication 800-53 Revision 3.  FedRAMP provides an overall checklist for handling risks associated with...

F5 Case Study: WhiteHat Security

Founder & CTO of WhiteHat Security, Jeremiah Grossman talks about the F5/WhiteHat partnership, the benefits of the WhiteHat Sentinel & BIG-IP ASM integration, the sophistication level of some of the recent attacks/breaches reported in the media, blocking SQL Injections and why organizations should consider an integrated WAF and Scanner like the WhiteHat/F5 solution. </p> <p><font size="2">ps</font></p> <p><font size="2">Related:</font></p> <ul> <li><a href="https://www.whitehatsec.com/index.html" _fcksavedurl="https://www.whitehatsec.com/index.html"><font size="2" face="Tahoma">WhiteHat Security</font></a></li> <li><a href="https://www.whitehatsec.com/resource/grossman.html" _fcksavedurl="https://www.whitehatsec.com/resource/grossman.html"><font size="2" face="Tahoma">WhiteHat Blog</font></a></li> <li><a href="http://jeremiahgrossman.blogspot.com/" _fcksavedurl="http://jeremiahgrossman.blogspot.com/"><font size="2" face="Tahoma">Jeremiah Grossman Blog</font></a></li> <li><a href="http://www.f5.com/solutions/technology-alliances/security/whitehat.html" _fcksavedurl="http://www.f5.com/solutions/technology-alliances/security/whitehat.html"><font size="2" face="Tahoma">F5/WhiteHat Partnership</font></a></li> ...

Audio White Paper - Application Security in the Cloud with BIG-IP ASM

Application threats are constantly evolving. Recent high-profile Internet attacks on organizations like HBGary, RSA, WikiLeaks, Google, Comodo, and others prove that no one is immune. Anyone could be a target, and perpetrators are extremely organized, skilled, and well-funded. Culprits are often better trained than the IT staff deployed to thwart the attacks, which are targeted, elaborate, and aggressive—not to mention creative. The attacks are multi-layered and constant, and seek not only to deface a website, but to steal valuable data. Customer data, intellectual property, state secrets, SSL certificates, and other proprietary, highly sensitive information are the top targets.  Whether critical...

Do You Splunk 2.0

A little over two years ago I blogged Do you Splunk? about the reporting integration with our FirePass SSL VPN and BIG-IP ASM.  The Splunk reports have provided customers valuable insight into application access and user behavior along with deep analysis of application violations, web attacks and other key metrics.  Recently, Splunk and F5 have been working behind the scenes and now you can also get 22 different templates for detailed reporting on the BIG-IP Access Policy Manager.  BIG-IP APM is a flexible, high-performance access and security solution that runs as a module on BIG-IP LTM. Splunk is the...

Defense in Depth in Context

In the days of yore, a military technique called Defense-in-Depth was used to protect kingdoms, castles, and other locations where you might be vulnerable to attack. It's a layered defense strategy where the attacker would have to breach several layers of protection to finally reach the intended target. It allows the defender to spread their resources and not put all of the protection in one location. It's also a multifaceted approach to protection in that there are other mechanisms in place to help; and it's redundant so if a component failed or is compromised, there are others that are ready...

Audio White Paper: F5 BIG-IP WAN Optimization Module in Data Replication Environments

Data loads are constantly on the rise: where transmissions once included only plain-text email and a few static web hits, people now send rich text email, dynamic web pages including multiple AJAX requests per page, replication data, and a host of other data types.  Replication data in particular is critical, especially to businesses. Businesses need their replication data to arrive at the appropriate destination, in a timely manner and with no doubt of delivery. The slower and less reliable your replication is, the less useful it is to your original purpose.  Using...

PCI Turns 2.0

…Or 6 years old in human time.  When PCI DSS was born, it was actually five different procedures from each of the major credit card issuers: Visa, MasterCard, American Express, JCB and Discover.  Each program was comparable in that they wanted merchants to have minimum security requirements when handling (process, transmit, store) cardholder data as a protection mechanism.  The industry came together and formed the PCI Security Standards Council (SSC) which aligned the distinctive policies and then released the Payment Card Industry Data Security Standard (PCI DSS) v1.0.  Over the years there have been clarifications, slight revisions, wireless guidelines, the...

Audio White Paper: F5 FirePass Endpoint Security

As SSL VPN technology becomes more mainstream and organizations extend their internal infrastructures to users who are not necessarily employees, Endpoint security has become an increasing concern. Allowing an infected device access onto the network is just as bad as allowing an invalid user to access proprietary internal information. Most people perceive remote access as either trusted or un-trusted. But these days, with so many personal devices connecting to the corporate infrastructure, all hosts should be considered hostile until they prove otherwise.  This White Paper describes how F5 FirePass Endpoint Security prevents...

CloudFucius Corners: The Coin Operated Cloud

A couple weeks ago I made mention of The Coin Operated Cloud in passing and decided to expand on it.  Isn’t that how blogs are supposed to work?  It’s no secret that The Cloud has given many organizations and individuals alike the computing power to host, store, transmit, broadcast and generally enable a huge swath of resources.  (Not sure if I like that sentence structure, but you get the idea).  Small and Medium sized business gain access to pay-as-you-go and Large Enterprises can realize economies of scale.  Cloud Computing also opens the door to just about any individual with...