Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Application Security Manager (ASM)

ASM is a web application firewall (WAF) that provides application security in traditional, virtual, and private cloud environments. Designed specifically for security, BIG-IP ASM secures applications against unknown vulnerabilities and enables compliance with key regulatory mandates.

Learn more

Articles

Gal Goldshtein
Updated 1 day ago by Gal Goldshtein

Recently, a new vulnerability in the RichFaces framework was discovered and was assigned with CVE-2018-14667. RichFaces is one of the libraries that implement the JavaServer faces (JSF) specification which is the Java standard for building...

John Wagnon
Updated 1 month ago by John Wagnon
5 out of 5 stars

F5 has teamed up with OPSWAT to allow for comprehensive content analysis and sanitization. These capabilities include thorough malware scanning using over 30 leading anti-malware engines as well as Content Disarm and Reconstruction services...

John Wagnon
Updated 2 months ago by John Wagnon

The Apache Struts 2 framework is used extensively to build web applications.  This framework has also been the victim of several vulnerabilities that dramatically affect users all over the world...

Gal Goldshtein
Updated 2 months ago by Gal Goldshtein
5 out of 5 stars

In the recent days, a new Apache Struts 2 Remote Code Execution vulnerability was announced (S2-057) and CVE-2018-11776 was allocated. At the moment, there is no public Proof of Concept exploit available. for a Struts 2 application to be...

Gal Goldshtein
Updated 3 months ago by Gal Goldshtein

Recently Oracle published its periodically security advisory. The advisory contains fixes for 334 CVEs, 231 of them are exploitable over the HTTP protocol. Oracle tends not to publicly disclose details related to the attack vectors of the...

Nir.Ashkenazi
Updated 5 months ago by Nir.Ashkenazi

F5 has created a specialized ASM template to simplify the configuration process of WordPress v4.9 with the new version of BIG-IP 13.x Click here to access the .zip file that contains the template:  WordPress v4.9 ASM Template for BIG-IP...

Nir.Ashkenazi
Updated 5/14/2018 by Nir.Ashkenazi

ASM Ready Template update for Drupal v8 include Goal/Deployment steps

Gal Goldshtein
Updated 5/11/2018 by Gal Goldshtein

Recently, a new Remote Code Execution vulnerability in Spring OAuth extension was published by Pivotal. The OAuth Protocol OAuth is a protocol that supports authorization processes by enabling users to share their data and resources stored on...

Graham Alderson
Updated 5/9/2018 by Graham Alderson
5 out of 5 stars

Learn how to use the F5 Advanced Web Application Firewall to protect your credentials. Identities are the keys to our applications and criminals can steal them right from the browser. DataSafe protects the credentials at the most vulnerable point.

Graham Alderson
Updated 5/8/2018 by Graham Alderson
5 out of 5 stars

Learn how to use the F5 Advanced Web Application Firewall to easily implement Behavioral DoS protections for your application using dynamic signatures to reduce false positives and automate protection.

John Wagnon
Updated 1 month ago by John Wagnon
5 out of 5 stars

F5 has teamed up with OPSWAT to allow for comprehensive content analysis and sanitization. These capabilities include thorough malware scanning using over 30 leading anti-malware engines as well as Content Disarm and Reconstruction services...

Gal Goldshtein
Updated 2 months ago by Gal Goldshtein
5 out of 5 stars

In the recent days, a new Apache Struts 2 Remote Code Execution vulnerability was announced (S2-057) and CVE-2018-11776 was allocated. At the moment, there is no public Proof of Concept exploit available. for a Struts 2 application to be...

Graham Alderson
Updated 5/9/2018 by Graham Alderson
5 out of 5 stars

Learn how to use the F5 Advanced Web Application Firewall to protect your credentials. Identities are the keys to our applications and criminals can steal them right from the browser. DataSafe protects the credentials at the most vulnerable point.

Graham Alderson
Updated 5/8/2018 by Graham Alderson
5 out of 5 stars

Learn how to use the F5 Advanced Web Application Firewall to easily implement Behavioral DoS protections for your application using dynamic signatures to reduce false positives and automate protection.

Graham Alderson
Updated 5/7/2018 by Graham Alderson
5 out of 5 stars

Learn how to use the F5 Advanced Web Application Firewall to easily lock down your applications so that bots can’t attack your mobile APIs. This video will show you the quick way to add anti-bot and other protections directly into your mobile app.

Chase Abbott
Updated 4/23/2018 by Chase Abbott
5 out of 5 stars

What happens when you cross a developer with a fitness instructor? You get BIG-IP Per App VE. DevCentral discusses the new per-App instance of BIG-IP providing LTM and WAF functionality wherever your applications reside.

John Wagnon
Updated 4/9/2018 by John Wagnon
5 out of 5 stars

Traditional network firewalls (Layer 3-4) do a great job preventing outsiders from accessing internal networks. But, these firewalls offer little to no support in the protection of application layer traffic...

Nir Zigler
Updated 1/11/2018 by Nir Zigler
5 out of 5 stars

The recently disclosed groundbreaking vulnerabilities have set a precedent for how massive a security vulnerability can be. In the recent years, we have witnessed vulnerabilities that affect major frameworks like Java, PHP, OpenSSL and CGI...

Gal Goldshtein
Updated 12/25/2017 by Gal Goldshtein
5 out of 5 stars

In October 2017 Oracle have published a vulnerability concerning Oracle WebLogic and assigned CVE-2017-10271 to it. Since then no public information regarding this vulnerability was available until a few days ago, when an analysis of the...

Gal Goldshtein
Updated 12/7/2017 by Gal Goldshtein
5 out of 5 stars

Recently a new vulnerability in Jackson, a popular Java library used for parsing JSON, was published and assigned CVE-2017-7525. The Jackson-databind package allows programmers to construct Java objects out of JSON documents, and as we have...

Have a ASM Question or Discussion Topic?

Answers

Filtering based on client certificate
Updated 3 hours ago
By Zaklina
0 votes
ASM Logging Best Practices
Updated 11 hours ago
0 votes
ASM IP Address Exception API Question
Updated 21 hours ago
0 votes
Create a F5 VE in Azure without marketplace
Updated 1 day ago
0 votes
F5 ASM - Parameter Meta Character Not Blocking
Updated 1 day ago
0 votes
Over-zealous security of devcentral?
Updated 9/30/2016
By Jie
2 votes
ASM: Failed to convert character
Updated 4 months ago
By rpuga
1 votes
API calls to analytics not working
Updated 4/3/2018
1 votes
ASM policy not blocking invalid host headers
Updated 3/22/2018
By uni
1 votes