Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Application Security Manager (ASM)

ASM is a web application firewall (WAF) that provides application security in traditional, virtual, and private cloud environments. Designed specifically for security, BIG-IP ASM secures applications against unknown vulnerabilities and enables compliance with key regulatory mandates.

Learn more

Articles

Nir.Ashkenazi
Updated 1 week ago by Nir.Ashkenazi

ASM Ready Template update for Drupal v8 include Goal/Deployment steps

Gal Goldshtein
Updated 1 week ago by Gal Goldshtein

Recently, a new Remote Code Execution vulnerability in Spring OAuth extension was published by Pivotal. The OAuth Protocol OAuth is a protocol that supports authorization processes by enabling users to share their data and resources stored on...

Graham
Updated 1 week ago by Graham
5 out of 5 stars

Learn how to use the F5 Advanced Web Application Firewall to protect your credentials. Identities are the keys to our applications and criminals can steal them right from the browser. DataSafe protects the credentials at the most vulnerable point.

Graham
Updated 1 week ago by Graham

Learn how to use the F5 Advanced Web Application Firewall to easily implement Behavioral DoS protections for your application using dynamic signatures to reduce false positives and automate protection.

Graham
Updated 2 weeks ago by Graham
5 out of 5 stars

Learn how to use the F5 Advanced Web Application Firewall to easily lock down your applications so that bots can’t attack your mobile APIs. This video will show you the quick way to add anti-bot and other protections directly into your mobile app.

Graham
Updated 2 weeks ago by Graham
4 out of 5 stars

Learn how to use the F5 Advanced Web Application Firewall to easily protect your applications against bots. Bots can be used as tools for a variety of attacks such as DoS, credential stuffing and brute force, or web scraping.

Gal Goldshtein
Updated 3 weeks ago by Gal Goldshtein

A new critical Remote Code Execution vulnerability in Drupal core was published. This new vulnerability is similar to CVE-2018-7600, also known as “Drupalgeddon 2”. It was found that the sanitation function that was added to address the...

Chase Abbott
Updated 4 weeks ago by Chase Abbott
5 out of 5 stars

What happens when you cross a developer with a fitness instructor? You get BIG-IP Per App VE. DevCentral discusses the new per-App instance of BIG-IP providing LTM and WAF functionality wherever your applications reside.

Gal Goldshtein
Updated 1 month ago by Gal Goldshtein

Recently a directory traversal vulnerability in the Spring Framework was published (CVE-2018-1271). The Spring application will only be vulnerable when it is deployed on a Microsoft Windows based operating system and the application developer uses...

Gal Goldshtein
Updated 1 month ago by Gal Goldshtein

In the recent days another critical vulnerability in Spring Framework was published (CVE-2018-1273). This time the vulnerable component is Spring Data Commons. Spring Data component goal is to provide a common API for accessing NoSQL and...

Graham
Updated 1 week ago by Graham
5 out of 5 stars

Learn how to use the F5 Advanced Web Application Firewall to protect your credentials. Identities are the keys to our applications and criminals can steal them right from the browser. DataSafe protects the credentials at the most vulnerable point.

Graham
Updated 2 weeks ago by Graham
5 out of 5 stars

Learn how to use the F5 Advanced Web Application Firewall to easily lock down your applications so that bots can’t attack your mobile APIs. This video will show you the quick way to add anti-bot and other protections directly into your mobile app.

Chase Abbott
Updated 4 weeks ago by Chase Abbott
5 out of 5 stars

What happens when you cross a developer with a fitness instructor? You get BIG-IP Per App VE. DevCentral discusses the new per-App instance of BIG-IP providing LTM and WAF functionality wherever your applications reside.

John Wagnon
Updated 1 month ago by John Wagnon
5 out of 5 stars

Traditional network firewalls (Layer 3-4) do a great job preventing outsiders from accessing internal networks. But, these firewalls offer little to no support in the protection of application layer traffic...

Graham
Updated 2 months ago by Graham
5 out of 5 stars

This article will help you deploy an F5 BIG-IP WAF in front of your AWS API Gateway to provide additional security. It shows how to deploy a basic WAF policy to protect your API Gateway, and you can expand from there to add Denial of Service or...

David Holmes
Updated 3 months ago by David Holmes
5 out of 5 stars

David Holmes, Skymall's runner-up for sexiest man over 55, reveals the ten most hardcore security features in versions 13.0 and 13.1. You don't want to miss this one.

Nir Zigler
Updated 4 months ago by Nir Zigler
5 out of 5 stars

The recently disclosed groundbreaking vulnerabilities have set a precedent for how massive a security vulnerability can be. In the recent years, we have witnessed vulnerabilities that affect major frameworks like Java, PHP, OpenSSL and CGI...

Gal Goldshtein
Updated 4 months ago by Gal Goldshtein
5 out of 5 stars

In October 2017 Oracle have published a vulnerability concerning Oracle WebLogic and assigned CVE-2017-10271 to it. Since then no public information regarding this vulnerability was available until a few days ago, when an analysis of the...

Gal Goldshtein
Updated 5 months ago by Gal Goldshtein
5 out of 5 stars

Recently a new vulnerability in Jackson, a popular Java library used for parsing JSON, was published and assigned CVE-2017-7525. The Jackson-databind package allows programmers to construct Java objects out of JSON documents, and as we have...

Peter Silva
Updated 5 months ago by Peter Silva
5 out of 5 stars

With the release of the new 2017 Edition of the OWASP Top 10, we wanted to give a quick rundown of how BIG-IP ASM can mitigate these vulnerabilities. First, here's how the 2013 edition compares to 2017.   And how BIG-IP ASM mitigates the...

Have a ASM Question or Discussion Topic?

Answers

F5 ASM update failures
Updated 6 hours ago
By Roger
0 votes
XML base64 namespace and attack signatures
Updated 2 days ago
By lnxgeek
0 votes
parameter to allow changing session ID
Updated 3 days ago
0 votes
DOS Layer 7 memory consumption
Updated 4 days ago
0 votes
Over-zealous security of devcentral?
Updated 9/30/2016
By Jie
2 votes
ASM policy not blocking invalid host headers
Updated 1 month ago
By uni
1 votes
ASM Alerts/Sec
Updated 2 months ago
1 votes