Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Application Security Manager (ASM)

ASM is a web application firewall (WAF) that provides application security in traditional, virtual, and private cloud environments. Designed specifically for security, BIG-IP ASM secures applications against unknown vulnerabilities and enables compliance with key regulatory mandates.

Learn more

Articles

Peter Silva
Updated 1 month ago by Peter Silva

Updating an Auto-Scaled BIG-IP VE WAF in AWS while continuing to process application traffic.

Peter Silva
Updated 1 month ago by Peter Silva
5 out of 5 stars

Use F5’s Web Application Firewall (WAF) to protect web applications deployed in Microsoft Azure.

John Wagnon
Updated 2 months ago by John Wagnon
5 out of 5 stars

Learn how to assess your applications using ImmuniWeb and use the results to build a customized security policy in the BIG-IP ASM.

Nir Zigler
Updated 2 months ago by Nir Zigler
5 out of 5 stars

Today we are reminded that old software can include new and critical security findings. Microsoft IIS 6.0 on Windows Server 2003 R2 is vulnerable to buffer overflow which leads to remote code execution. This is due to inproper validation of the...

John Wagnon
Updated 3 months ago by John Wagnon
5 out of 5 stars

Bot activity is something that needs to be monitored and controlled. On one hand, you want the good bots to access your site, but on the other hand you want the bad ones to stay away. The question is, “how do you know the difference?” And the unfortunate answer for many organizations is: “I have no idea.”

Gal Goldshtein
Updated 3 months ago by Gal Goldshtein

An advisory has been published regarding a critical 0-day unauthenticated RCE (Remote Code Execution) vulnerability in the Drupal System. Drupal is a free and open source content-management framework written in PHP, and it provides a back-end...

Gal Goldshtein
Updated 3 months ago by Gal Goldshtein
5 out of 5 stars

An advisory has been published regarding a critical 0-day Remote Code Execution vulnerability in Apache Struts. The vulnerability resides in the Apache Jakarta multipart parser and is triggered when it tries to parse the Content-Type header of the...

John Wagnon
Updated 4 months ago by John Wagnon
5 out of 5 stars

Distributed Denial of Service (DDoS) attacks were huge in 2016, and they will likely be a tough nemesis again in 2017…and beyond!  With all the excitement and trepidation surrounding these attacks, it’s important to know how to defend against...

Lori MacVittie
Updated 4 months ago by Lori MacVittie

It's an API economy. If you don't have an API you're already behind. APIs are the fuel driving organizations' digital transformation. We've all heard something similar to these phrases in the past few years. And while they look...

Nir Zigler
Updated 4 months ago by Nir Zigler
5 out of 5 stars

Last week, a critical vulnerability has been detected in WordPress 4.7 by Sucuri researchers: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html The vulnerability allows unauthenticated attackers to change the...

Peter Silva
Updated 1 month ago by Peter Silva
5 out of 5 stars

Use F5’s Web Application Firewall (WAF) to protect web applications deployed in Microsoft Azure.

John Wagnon
Updated 2 months ago by John Wagnon
5 out of 5 stars

Learn how to assess your applications using ImmuniWeb and use the results to build a customized security policy in the BIG-IP ASM.

Nir Zigler
Updated 2 months ago by Nir Zigler
5 out of 5 stars

Today we are reminded that old software can include new and critical security findings. Microsoft IIS 6.0 on Windows Server 2003 R2 is vulnerable to buffer overflow which leads to remote code execution. This is due to inproper validation of the...

John Wagnon
Updated 3 months ago by John Wagnon
5 out of 5 stars

Bot activity is something that needs to be monitored and controlled. On one hand, you want the good bots to access your site, but on the other hand you want the bad ones to stay away. The question is, “how do you know the difference?” And the unfortunate answer for many organizations is: “I have no idea.”

Gal Goldshtein
Updated 3 months ago by Gal Goldshtein
5 out of 5 stars

An advisory has been published regarding a critical 0-day Remote Code Execution vulnerability in Apache Struts. The vulnerability resides in the Apache Jakarta multipart parser and is triggered when it tries to parse the Content-Type header of the...

John Wagnon
Updated 4 months ago by John Wagnon
5 out of 5 stars

Distributed Denial of Service (DDoS) attacks were huge in 2016, and they will likely be a tough nemesis again in 2017…and beyond!  With all the excitement and trepidation surrounding these attacks, it’s important to know how to defend against...

Nir Zigler
Updated 4 months ago by Nir Zigler
5 out of 5 stars

Last week, a critical vulnerability has been detected in WordPress 4.7 by Sucuri researchers: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html The vulnerability allows unauthenticated attackers to change the...

Maxim Zavodchik
Updated 5 months ago by Maxim Zavodchik
5 out of 5 stars

“Credentials stuffing” attack technique became a very popular way nowadays to brute force user accounts over web applications’ login pages. Instead of trying to guess a certain user password from a generated word list (a.k.a. “dictionary”),...

Maxim Zavodchik
Updated 5 months ago by Maxim Zavodchik
5 out of 5 stars

Recently reserachers at "Check Point" has uncovered 3 new previously unkown vulnerabilitites in the new version of PHP. CVE-2016-7479 and  CVE-2016-7480 could result in attackers taking a full control of the target server, while...

Maxim Zavodchik
Updated 5 months ago by Maxim Zavodchik
5 out of 5 stars

An advisory has been published on a critical 0-day unauthenticated RCE (Remote Code Execution) vulnerability in the “PHPMailer” system. PHPMailer is a popular code for sending email from PHP and probably the world’s most popular one according...

Have a ASM Question or Discussion Topic?