Application Security Manager (ASM)

ASM is a web application firewall (WAF) that provides application security in traditional, virtual, and private cloud environments. Designed specifically for security, BIG-IP ASM secures applications against unknown vulnerabilities and enables compliance with key regulatory mandates.

Articles

Shoichi Kiritani (桐谷 彰一)
Updated 5 days ago by Shoichi Kiritani (桐谷 彰一)

Now that the official 2017 edition of the OWASP Top 10 has been released, I would like to give an overview of how much of it the WAF functionality in BIG-IP ASM can address.

Gal Goldshtein
Updated 1 week ago by Gal Goldshtein

Recently a new vulnerability in Jackson, a popular Java library used for parsing JSON, was published and assigned CVE-2017-7525. The Jackson-databind package allows programmers to construct Java objects out of JSON documents, and as we have...

Peter Silva
Updated 2 weeks ago by Peter Silva
5 out of 5 stars

With the release of the new 2017 Edition of the OWASP Top 10, we wanted to give a quick rundown of how BIG-IP ASM can mitigate these vulnerabilities. First, here's how the 2013 edition compares to 2017. And how BIG-IP ASM mitigates the...

Peter Silva
Updated 2 weeks ago by Peter Silva
5 out of 5 stars

Today, let’s look at a couple ways to mitigate a DDoS attack with BIG-IP ASM. We’ve logged into a BIG-IP ASM and navigated to Security>DDoS Protection>DDoS Profiles. In the General Settings of Application Security, we’ll activate an...

John Wagnon
Updated 1 month ago by John Wagnon

In this "Post of the Week" video, we show how to block a specific URI using a custom ASM signature and an iRule.

Gal Goldshtein
Updated 1 month ago by Gal Goldshtein

Last week, Oracle released an out-of-cycle security advisory (CVE-2017-10151) for a vulnerability which affects Oracle Identity Manager. The vulnerability allows attackers to access Oracle Identity Manager using a built-in account...

John Wagnon
Updated 2 months ago by John Wagnon
5 out of 5 stars

The essence of the Credential Stuffing problem centers around the fact that lots and lots of user credentials have been stolen from many different places.  An attacker will take stolen credentials from one place and try to "stuff" them into another

Gal Goldshtein
Updated 2 months ago by Gal Goldshtein

In recent days, a new vulnerability in Joomla has been published (CVE-2017-14596). The vulnerability concerns Joomla installations which have Joomla’s LDAP plugin installed and are using it to authenticate the system’s users. The vulnerability...

Gal Goldshtein
Updated 2 months ago by Gal Goldshtein
5 out of 5 stars

In recent days, a new vulnerability in Apache Tomcat has been published (CVE-2017-12615). The vulnerability allows attackers to upload arbitrary files to the Tomcat application server by utilizing the HTTP PUT method. By uploading a .JSP file...

Michael J
Updated 3 months ago by Michael J
5 out of 5 stars

Nessus 6 XSLT Conversion for ASM Generic Scanner Schema Import

Gal Goldshtein
Updated 3 months ago by Gal Goldshtein
5 out of 5 stars

In recent days, another 0-day remote code execution vulnerability in Apache Struts 2 has been published (CVE-2017-12611). This time the vulnerability’s root cause does not stem from a bug in the Struts 2 framework, but a feature of the...

Peter Silva
Updated 3 months ago by Peter Silva
5 out of 5 stars

In this Lightboard Lesson, I light up some use cases for BIG-IP ASM Layered Policies available in BIG-IP v13. With Parent and Child policies, you can: Impose mandatory policy elements on multiple policies; Create multiple policies with baseline...

Michael Koyfman
Updated 5 months ago by Michael Koyfman
5 out of 5 stars

Part 2 in the series of Realizing value from a WAF. In this article, learn how BIG-IP ASM can block 0-day attacks.

Gal Goldshtein
Updated 5 months ago by Gal Goldshtein
5 out of 5 stars

A new Apache Struts 2 vulnerability was published (S2-048) and PoC code exploiting it was publicly released. Read about how you can mitigate this vulnerability with the BIG-IP ASM.

Peter Silva
Updated 5/9/2017 by Peter Silva
5 out of 5 stars

Use F5’s Web Application Firewall (WAF) to protect web applications deployed in Microsoft Azure.

Answers

ASM Violations on a URL
Updated 2 days ago
0 votes
ASM and AFM config file location
Updated 2 days ago
0 votes
ASM logs by CVE
Updated 3 days ago
By OM
0 votes