Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Application Security Manager (ASM)

ASM is a web application firewall (WAF) that provides application security in traditional, virtual, and private cloud environments. Designed specifically for security, BIG-IP ASM secures applications against unknown vulnerabilities and enables compliance with key regulatory mandates.

Learn more

Articles

John Wagnon
Updated 6 days ago by John Wagnon
5 out of 5 stars

F5 has teamed up with OPSWAT to allow for comprehensive content analysis and sanitization. These capabilities include thorough malware scanning using over 30 leading anti-malware engines as well as Content Disarm and Reconstruction services...

John Wagnon
Updated 1 week ago by John Wagnon

The Apache Struts 2 framework is used extensively to build web applications.  This framework has also been the victim of several vulnerabilities that dramatically affect users all over the world...

Gal Goldshtein
Updated 1 month ago by Gal Goldshtein
5 out of 5 stars

In the recent days, a new Apache Struts 2 Remote Code Execution vulnerability was announced (S2-057) and CVE-2018-11776 was allocated. At the moment, there is no public Proof of Concept exploit available. for a Struts 2 application to be...

Gal Goldshtein
Updated 2 months ago by Gal Goldshtein

Recently Oracle published its periodically security advisory. The advisory contains fixes for 334 CVEs, 231 of them are exploitable over the HTTP protocol. Oracle tends not to publicly disclose details related to the attack vectors of the...

Nir.Ashkenazi
Updated 4 months ago by Nir.Ashkenazi

F5 has created a specialized ASM template to simplify the configuration process of WordPress v4.9 with the new version of BIG-IP 13.x Click here to access the .zip file that contains the template:  WordPress v4.9 ASM Template for BIG-IP...

Nir.Ashkenazi
Updated 4 months ago by Nir.Ashkenazi

ASM Ready Template update for Drupal v8 include Goal/Deployment steps

Gal Goldshtein
Updated 4 months ago by Gal Goldshtein

Recently, a new Remote Code Execution vulnerability in Spring OAuth extension was published by Pivotal. The OAuth Protocol OAuth is a protocol that supports authorization processes by enabling users to share their data and resources stored on...

Graham Alderson
Updated 4 months ago by Graham Alderson
5 out of 5 stars

Learn how to use the F5 Advanced Web Application Firewall to protect your credentials. Identities are the keys to our applications and criminals can steal them right from the browser. DataSafe protects the credentials at the most vulnerable point.

Graham Alderson
Updated 4 months ago by Graham Alderson

Learn how to use the F5 Advanced Web Application Firewall to easily implement Behavioral DoS protections for your application using dynamic signatures to reduce false positives and automate protection.

Graham Alderson
Updated 4 months ago by Graham Alderson
5 out of 5 stars

Learn how to use the F5 Advanced Web Application Firewall to easily lock down your applications so that bots can’t attack your mobile APIs. This video will show you the quick way to add anti-bot and other protections directly into your mobile app.

John Wagnon
Updated 6 days ago by John Wagnon
5 out of 5 stars

F5 has teamed up with OPSWAT to allow for comprehensive content analysis and sanitization. These capabilities include thorough malware scanning using over 30 leading anti-malware engines as well as Content Disarm and Reconstruction services...

Gal Goldshtein
Updated 1 month ago by Gal Goldshtein
5 out of 5 stars

In the recent days, a new Apache Struts 2 Remote Code Execution vulnerability was announced (S2-057) and CVE-2018-11776 was allocated. At the moment, there is no public Proof of Concept exploit available. for a Struts 2 application to be...

Graham Alderson
Updated 4 months ago by Graham Alderson
5 out of 5 stars

Learn how to use the F5 Advanced Web Application Firewall to protect your credentials. Identities are the keys to our applications and criminals can steal them right from the browser. DataSafe protects the credentials at the most vulnerable point.

Graham Alderson
Updated 4 months ago by Graham Alderson
5 out of 5 stars

Learn how to use the F5 Advanced Web Application Firewall to easily lock down your applications so that bots can’t attack your mobile APIs. This video will show you the quick way to add anti-bot and other protections directly into your mobile app.

Chase Abbott
Updated 5 months ago by Chase Abbott
5 out of 5 stars

What happens when you cross a developer with a fitness instructor? You get BIG-IP Per App VE. DevCentral discusses the new per-App instance of BIG-IP providing LTM and WAF functionality wherever your applications reside.

John Wagnon
Updated 5 months ago by John Wagnon
5 out of 5 stars

Traditional network firewalls (Layer 3-4) do a great job preventing outsiders from accessing internal networks. But, these firewalls offer little to no support in the protection of application layer traffic...

Graham Alderson
Updated 3/20/2018 by Graham Alderson
5 out of 5 stars

This article will help you deploy an F5 BIG-IP WAF in front of your AWS API Gateway to provide additional security. It shows how to deploy a basic WAF policy to protect your API Gateway, and you can expand from there to add Denial of Service or...

Nir Zigler
Updated 1/11/2018 by Nir Zigler
5 out of 5 stars

The recently disclosed groundbreaking vulnerabilities have set a precedent for how massive a security vulnerability can be. In the recent years, we have witnessed vulnerabilities that affect major frameworks like Java, PHP, OpenSSL and CGI...

Gal Goldshtein
Updated 12/25/2017 by Gal Goldshtein
5 out of 5 stars

In October 2017 Oracle have published a vulnerability concerning Oracle WebLogic and assigned CVE-2017-10271 to it. Since then no public information regarding this vulnerability was available until a few days ago, when an analysis of the...

Gal Goldshtein
Updated 12/7/2017 by Gal Goldshtein
5 out of 5 stars

Recently a new vulnerability in Jackson, a popular Java library used for parsing JSON, was published and assigned CVE-2017-7525. The Jackson-databind package allows programmers to construct Java objects out of JSON documents, and as we have...

Have a ASM Question or Discussion Topic?

Answers

Uploading ASM policy files?
Updated 39 minutes ago
0 votes
Replacing 2000s with I2600 license
Updated 1 day ago
0 votes
ASM event logs in .csv format
Updated 2 days ago
By Mazhar
0 votes
HA configruation for ASM only devices
Updated 3 days ago
0 votes
Over-zealous security of devcentral?
Updated 9/30/2016
By Jie
2 votes
ASM: Failed to convert character
Updated 2 months ago
By rpuga
1 votes
API calls to analytics not working
Updated 5 months ago
1 votes
ASM policy not blocking invalid host headers
Updated 3/22/2018
By uni
1 votes