Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Application Security Manager (ASM)

ASM is a web application firewall (WAF) that provides application security in traditional, virtual, and private cloud environments. Designed specifically for security, BIG-IP ASM secures applications against unknown vulnerabilities and enables compliance with key regulatory mandates.

Learn more

Articles

Michael Koyfman
Updated 1 month ago by Michael Koyfman
5 out of 5 stars

Part 2 in the series of Realizing value from a WAF. In this article, learn how BIG-IP ASM can block 0-day attacks.

Gal Goldshtein
Updated 1 month ago by Gal Goldshtein
5 out of 5 stars

A new Apache Struts 2 vulnerability was published (S2-048) and a POC code exploiting it was publicly released. Read about how you can mitigate this vulnerability with the BIG-IP ASM.

Michael Koyfman
Updated 1 month ago by Michael Koyfman
5 out of 5 stars

Implement strong and effective application security measures by deploying a Web Application Firewall (WAF) in front of your web applications.

Peter Silva
Updated 3 months ago by Peter Silva

Updating an Auto-Scaled BIG-IP VE WAF in AWS while continuing to process application traffic.

Peter Silva
Updated 3 months ago by Peter Silva
5 out of 5 stars

Use F5’s Web Application Firewall (WAF) to protect web applications deployed in Microsoft Azure.

John Wagnon
Updated 4 months ago by John Wagnon
5 out of 5 stars

Learn how to assess your applications using ImmuniWeb and use the results to build a customized security policy in the BIG-IP ASM.

Nir Zigler
Updated 4 months ago by Nir Zigler
5 out of 5 stars

Today we are reminded that old software can include new and critical security findings. Microsoft IIS 6.0 on Windows Server 2003 R2 is vulnerable to buffer overflow which leads to remote code execution. This is due to inproper validation of the...

John Wagnon
Updated 5 months ago by John Wagnon
5 out of 5 stars

Bot activity is something that needs to be monitored and controlled. On one hand, you want the good bots to access your site, but on the other hand you want the bad ones to stay away. The question is, “how do you know the difference?” And the unfortunate answer for many organizations is: “I have no idea.”

Gal Goldshtein
Updated 5 months ago by Gal Goldshtein

An advisory has been published regarding a critical 0-day unauthenticated RCE (Remote Code Execution) vulnerability in the Drupal System. Drupal is a free and open source content-management framework written in PHP, and it provides a back-end...

Gal Goldshtein
Updated 5 months ago by Gal Goldshtein
5 out of 5 stars

An advisory has been published regarding a critical 0-day Remote Code Execution vulnerability in Apache Struts. The vulnerability resides in the Apache Jakarta multipart parser and is triggered when it tries to parse the Content-Type header of the...

Michael Koyfman
Updated 1 month ago by Michael Koyfman
5 out of 5 stars

Part 2 in the series of Realizing value from a WAF. In this article, learn how BIG-IP ASM can block 0-day attacks.

Gal Goldshtein
Updated 1 month ago by Gal Goldshtein
5 out of 5 stars

A new Apache Struts 2 vulnerability was published (S2-048) and a POC code exploiting it was publicly released. Read about how you can mitigate this vulnerability with the BIG-IP ASM.

Michael Koyfman
Updated 1 month ago by Michael Koyfman
5 out of 5 stars

Implement strong and effective application security measures by deploying a Web Application Firewall (WAF) in front of your web applications.

Peter Silva
Updated 3 months ago by Peter Silva
5 out of 5 stars

Use F5’s Web Application Firewall (WAF) to protect web applications deployed in Microsoft Azure.

John Wagnon
Updated 4 months ago by John Wagnon
5 out of 5 stars

Learn how to assess your applications using ImmuniWeb and use the results to build a customized security policy in the BIG-IP ASM.

Nir Zigler
Updated 4 months ago by Nir Zigler
5 out of 5 stars

Today we are reminded that old software can include new and critical security findings. Microsoft IIS 6.0 on Windows Server 2003 R2 is vulnerable to buffer overflow which leads to remote code execution. This is due to inproper validation of the...

John Wagnon
Updated 5 months ago by John Wagnon
5 out of 5 stars

Bot activity is something that needs to be monitored and controlled. On one hand, you want the good bots to access your site, but on the other hand you want the bad ones to stay away. The question is, “how do you know the difference?” And the unfortunate answer for many organizations is: “I have no idea.”

Gal Goldshtein
Updated 5 months ago by Gal Goldshtein
5 out of 5 stars

An advisory has been published regarding a critical 0-day Remote Code Execution vulnerability in Apache Struts. The vulnerability resides in the Apache Jakarta multipart parser and is triggered when it tries to parse the Content-Type header of the...

John Wagnon
Updated 2/9/2017 by John Wagnon
5 out of 5 stars

Distributed Denial of Service (DDoS) attacks were huge in 2016, and they will likely be a tough nemesis again in 2017…and beyond!  With all the excitement and trepidation surrounding these attacks, it’s important to know how to defend against...

Nir Zigler
Updated 2/5/2017 by Nir Zigler
5 out of 5 stars

Last week, a critical vulnerability has been detected in WordPress 4.7 by Sucuri researchers: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html The vulnerability allows unauthenticated attackers to change the...

Have a ASM Question or Discussion Topic?