Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Application Security Manager (ASM)

ASM is a web application firewall (WAF) that provides application security in traditional, virtual, and private cloud environments. Designed specifically for security, BIG-IP ASM secures applications against unknown vulnerabilities and enables compliance with key regulatory mandates.

Learn more

Articles

Eric Chen
Updated 1 day ago by Eric Chen

Please enjoy our demonstration of Kubernetes API/Dashboard authentication with BIG-IP using mTLS, Basic Auth (Username/Password), and OAuth Tokens.  This illustrates how BIG-IP Access Policy Manager (APM) can securely authenticate to Kubernetes.

Gal Goldshtein
Updated 2 weeks ago by Gal Goldshtein

Recently a new YAML deserialization gadget was published that may lead to arbitrary code execution when deserialized by supplying it to Ruby's YAML.load function as input. Prior to this new gadget it was known that calling YAML.load on...

Eric Chen
Updated 3 weeks ago by Eric Chen
5 out of 5 stars

How do you know what your external users and services are doing in your Kubernetes cluster? Using BIG-IP Access Policy Manager and Application Security Manager we can create a secure method of...

Gal Goldshtein
Updated 3 weeks ago by Gal Goldshtein

In the recent days Drupal released a security advisory regarding a new highly critical risk vulnerability affecting Drupal 8 instances. The vulnerability may allow unauthenticated users to execute arbitrary code by forcing the vulnerable Drupal 8...

Nir Zigler
Updated 1 month ago by Nir Zigler

F5 offers security solutions for AWS customers who use the platform's hosting and load balancing services along with the AWS WAF offering.

Gal Goldshtein
Updated 2 months ago by Gal Goldshtein
5 out of 5 stars

A recently published research by Checkpoint introduced a couple of undiscovered vulnerabilities in the online gaming platform of “Epic Games” – the developers of the famous "Fortnite" game. It was claimed in the research paper that a...

Lior Rotkovtich
Updated 2 months ago by Lior Rotkovtich
5 out of 5 stars

With more and more bots traffic hitting web applications it has become a necessity to manage bots accessing web applications. To be able to manage bot access to your web application you must first be able to detect them and only then allow or deny

Gal Goldshtein
Updated 3 months ago by Gal Goldshtein

ThinkPHP is an open source PHP development framework for agile web application development. Recently, an unauthenticated remote code execution vulnerability was discovered in ThinkPHP...

Steve Lyons
Updated 3 months ago by Steve Lyons
5 out of 5 stars

Not too long ago, a question in one of my tech talks came up regarding how F5 sync's ASM policies between devices that may not be apart of the same HA Pair. The question derived from experience with another vendor in which policies would not...

Nir Zigler
Updated 3 months ago by Nir Zigler

A bug in the Kubernetes platform has been disclosed this week by its developers. The bug has been marked as critical vulnerability with a 9.8 CVSS score and assigned CVE-2018-1002105.

Eric Chen
Updated 3 weeks ago by Eric Chen
5 out of 5 stars

How do you know what your external users and services are doing in your Kubernetes cluster? Using BIG-IP Access Policy Manager and Application Security Manager we can create a secure method of...

Gal Goldshtein
Updated 2 months ago by Gal Goldshtein
5 out of 5 stars

A recently published research by Checkpoint introduced a couple of undiscovered vulnerabilities in the online gaming platform of “Epic Games” – the developers of the famous "Fortnite" game. It was claimed in the research paper that a...

Lior Rotkovtich
Updated 2 months ago by Lior Rotkovtich
5 out of 5 stars

With more and more bots traffic hitting web applications it has become a necessity to manage bots accessing web applications. To be able to manage bot access to your web application you must first be able to detect them and only then allow or deny

Steve Lyons
Updated 3 months ago by Steve Lyons
5 out of 5 stars

Not too long ago, a question in one of my tech talks came up regarding how F5 sync's ASM policies between devices that may not be apart of the same HA Pair. The question derived from experience with another vendor in which policies would not...

Steve Lyons
Updated 3 months ago by Steve Lyons
5 out of 5 stars

If you are not familiar with F5's IP Intelligence capability, it is an add-on service that integrates with both the Advanced Firewall Manager and Application Security Manager. Steve Lyons covers how IP Intelligence can help you.

Harsh Chawla
Updated 4 months ago by Harsh Chawla
5 out of 5 stars

Earlier this month (November 2018), RIPS Technologies blogged about a design flaw within WordPress that allows privilege escalation.  WordPress is one of the most commonly used Content Management System (CMS) and is used by over 32% of the...

John Wagnon
Updated 9/18/2018 by John Wagnon
5 out of 5 stars

F5 has teamed up with OPSWAT to allow for comprehensive content analysis and sanitization. These capabilities include thorough malware scanning using over 30 leading anti-malware engines as well as Content Disarm and Reconstruction services...

Gal Goldshtein
Updated 8/22/2018 by Gal Goldshtein
5 out of 5 stars

In the recent days, a new Apache Struts 2 Remote Code Execution vulnerability was announced (S2-057) and CVE-2018-11776 was allocated. At the moment, there is no public Proof of Concept exploit available. for a Struts 2 application to be...

Graham Alderson
Updated 5/9/2018 by Graham Alderson
5 out of 5 stars

Learn how to use the F5 Advanced Web Application Firewall to protect your credentials. Identities are the keys to our applications and criminals can steal them right from the browser. DataSafe protects the credentials at the most vulnerable point.

Graham Alderson
Updated 5/8/2018 by Graham Alderson
5 out of 5 stars

Learn how to use the F5 Advanced Web Application Firewall to easily implement Behavioral DoS protections for your application using dynamic signatures to reduce false positives and automate protection.

Have a ASM Question or Discussion Topic?

Answers

Options on custom block page
Updated 14 hours ago
0 votes
Brute force Outlook mail
Updated 16 hours ago
0 votes
HTTP error response payload not delivered
Updated 21 hours ago
By Aurel
0 votes
Signature update
Updated 1 day ago
By Eowyn
0 votes
no security event logs for brute force attacks
Updated 1 day ago
By hmc
0 votes