Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Application Security Manager (ASM)

ASM is a web application firewall (WAF) that provides application security in traditional, virtual, and private cloud environments. Designed specifically for security, BIG-IP ASM secures applications against unknown vulnerabilities and enables compliance with key regulatory mandates.

Learn more

Articles

John Wagnon
Updated 1 week ago by John Wagnon
5 out of 5 stars

Bot activity is something that needs to be monitored and controlled. On one hand, you want the good bots to access your site, but on the other hand you want the bad ones to stay away. The question is, “how do you know the difference?” And the unfortunate answer for many organizations is: “I have no idea.”

Gal Goldshtein
Updated 2 weeks ago by Gal Goldshtein

An advisory has been published regarding a critical 0-day unauthenticated RCE (Remote Code Execution) vulnerability in the Drupal System. Drupal is a free and open source content-management framework written in PHP, and it provides a back-end...

Gal Goldshtein
Updated 2 weeks ago by Gal Goldshtein
5 out of 5 stars

An advisory has been published regarding a critical 0-day Remote Code Execution vulnerability in Apache Struts. The vulnerability resides in the Apache Jakarta multipart parser and is triggered when it tries to parse the Content-Type header of the...

John Wagnon
Updated 1 month ago by John Wagnon
5 out of 5 stars

Distributed Denial of Service (DDoS) attacks were huge in 2016, and they will likely be a tough nemesis again in 2017…and beyond!  With all the excitement and trepidation surrounding these attacks, it’s important to know how to defend against...

Lori MacVittie
Updated 1 month ago by Lori MacVittie

It's an API economy. If you don't have an API you're already behind. APIs are the fuel driving organizations' digital transformation. We've all heard something similar to these phrases in the past few years. And while they look...

Nir Zigler
Updated 1 month ago by Nir Zigler
5 out of 5 stars

Last week, a critical vulnerability has been detected in WordPress 4.7 by Sucuri researchers: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html The vulnerability allows unauthenticated attackers to change the...

John Wagnon
Updated 1 month ago by John Wagnon
4.5 out of 5 stars

This article series was written a while back, but we are re-introducing it as a part of our Security Month on DevCentral. I hope you enjoy all the features of this very powerful module on the BIG-IP!

Dylan Syme
Updated 2 months ago by Dylan Syme

Web application threats continue to cause serious security issues for large corporations and small businesses alike.  In 2016, even the smallest, local family businesses have a Web presence, and it is important to understand the potential...

Maxim Zavodchik
Updated 2 months ago by Maxim Zavodchik
5 out of 5 stars

“Credentials stuffing” attack technique became a very popular way nowadays to brute force user accounts over web applications’ login pages. Instead of trying to guess a certain user password from a generated word list (a.k.a. “dictionary”),...

Maxim Zavodchik
Updated 2 months ago by Maxim Zavodchik
5 out of 5 stars

Recently reserachers at "Check Point" has uncovered 3 new previously unkown vulnerabilitites in the new version of PHP. CVE-2016-7479 and  CVE-2016-7480 could result in attackers taking a full control of the target server, while...

John Wagnon
Updated 1 week ago by John Wagnon
5 out of 5 stars

Bot activity is something that needs to be monitored and controlled. On one hand, you want the good bots to access your site, but on the other hand you want the bad ones to stay away. The question is, “how do you know the difference?” And the unfortunate answer for many organizations is: “I have no idea.”

Gal Goldshtein
Updated 2 weeks ago by Gal Goldshtein
5 out of 5 stars

An advisory has been published regarding a critical 0-day Remote Code Execution vulnerability in Apache Struts. The vulnerability resides in the Apache Jakarta multipart parser and is triggered when it tries to parse the Content-Type header of the...

John Wagnon
Updated 1 month ago by John Wagnon
5 out of 5 stars

Distributed Denial of Service (DDoS) attacks were huge in 2016, and they will likely be a tough nemesis again in 2017…and beyond!  With all the excitement and trepidation surrounding these attacks, it’s important to know how to defend against...

Nir Zigler
Updated 1 month ago by Nir Zigler
5 out of 5 stars

Last week, a critical vulnerability has been detected in WordPress 4.7 by Sucuri researchers: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html The vulnerability allows unauthenticated attackers to change the...

Maxim Zavodchik
Updated 2 months ago by Maxim Zavodchik
5 out of 5 stars

“Credentials stuffing” attack technique became a very popular way nowadays to brute force user accounts over web applications’ login pages. Instead of trying to guess a certain user password from a generated word list (a.k.a. “dictionary”),...

Maxim Zavodchik
Updated 2 months ago by Maxim Zavodchik
5 out of 5 stars

Recently reserachers at "Check Point" has uncovered 3 new previously unkown vulnerabilitites in the new version of PHP. CVE-2016-7479 and  CVE-2016-7480 could result in attackers taking a full control of the target server, while...

Maxim Zavodchik
Updated 3 months ago by Maxim Zavodchik
5 out of 5 stars

An advisory has been published on a critical 0-day unauthenticated RCE (Remote Code Execution) vulnerability in the “PHPMailer” system. PHPMailer is a popular code for sending email from PHP and probably the world’s most popular one according...

Matthieu Dierick
Updated 3 months ago by Matthieu Dierick
5 out of 5 stars

Silverline Web Application Firewall Express is a cloud-based service built on BIGIP Application Security Manager (ASM) – to help organizations protect web applications and data, and enable compliance with industry standards, such as PCI DSS.

John Wagnon
Updated 4 months ago by John Wagnon
5 out of 5 stars

If you ever use credit cards for online purchases, you are affected by the Payment Card Industry / Data Security Standards (PCI/DSS). Compliance with these standards are required for any company that processes online payments via credit cards...

John Wagnon
Updated 4 months ago by John Wagnon
5 out of 5 stars

The BIG-IP Application Security Manager (ASM) is a powerful Web Application Firewall that provides amazing Layer 7 protection for your web applications. The heart of what the ASM does is based in the policies that you create for it. When you create a policy, you establish what can and can't be allowed through the ASM...things like specific parameters, file types, URLs, etc...

Have a ASM Question or Discussion Topic?

Answers

F5 ASM Policy Backup
Updated 1 hour ago
By ebeng
0 votes
F5 ASM Filter/Block Parameter without blocking page
Updated 4 hours ago
0 votes
Scaning for Viruses in F5
Updated 4 days ago
By tmarqz
0 votes
X-Forwarded-For through proxy and F5
Updated 4 days ago
0 votes
Schedule script to backup ASM config
Updated 4 days ago
By Kash
0 votes