Application Security Manager (ASM)

ASM is a web application firewall (WAF) that provides application security in traditional, virtual, and private cloud environments. Designed specifically for security, BIG-IP ASM secures applications against unknown vulnerabilities and enables compliance with key regulatory mandates.

Articles

John Wagnon
Updated 5 days ago by John Wagnon
5 out of 5 stars

The essence of the Credential Stuffing problem centers around the fact that lots and lots of user credentials have been stolen from many different places. An attacker will take stolen credentials from one place and try to "stuff" them into another

Gal Goldshtein
Updated 2 weeks ago by Gal Goldshtein

In recent days, a new vulnerability in Joomla has been published (CVE-2017-14596). The vulnerability concerns Joomla installations that have Joomla’s LDAP plugin installed and use it to authenticate the system’s users. The vulnerability...

Gal Goldshtein
Updated 2 weeks ago by Gal Goldshtein
5 out of 5 stars

In recent days, a new vulnerability in Apache Tomcat has been published (CVE-2017-12615). The vulnerability allows attackers to upload arbitrary files to the Tomcat application server by utilizing the HTTP PUT method. By uploading a .JSP file...

Michael J
Updated 1 month ago by Michael J
5 out of 5 stars

Nessus 6 XSLT Conversion for ASM Generic Scanner Schema Import

Gal Goldshtein
Updated 1 month ago by Gal Goldshtein
5 out of 5 stars

In recent days, another 0-day remote code execution vulnerability in Apache Struts 2 has been published (CVE-2017-12611). This time the vulnerability’s root cause does not stem from a bug in the Struts 2 framework, but from a feature of the...

Gal Goldshtein
Updated 1 month ago by Gal Goldshtein
5 out of 5 stars

In recent days, a new critical Apache Struts 2 vulnerability was announced that allows remote attackers to execute arbitrary commands on the server. The original post (S2-052) has not published exploit details yet, most probably to allow...

Nir Zigler
Updated 1 month ago by Nir Zigler

Object serialization has always been a tricky subject. Using serialization as a design pattern can always lead to catastrophic consequences such as remote code execution when user input isn't properly validated.

Peter Silva
Updated 1 month ago by Peter Silva
5 out of 5 stars

In this Lightboard Lesson, I light up some use cases for BIG-IP ASM Layered Policies available in BIG-IP v13. With Parent and Child policies, you can: Impose mandatory policy elements on multiple policies; Create multiple policies with baseline...

Michael Koyfman
Updated 3 months ago by Michael Koyfman
5 out of 5 stars

Part 2 in the series of Realizing value from a WAF. In this article, learn how BIG-IP ASM can block 0-day attacks.

Gal Goldshtein
Updated 3 months ago by Gal Goldshtein
5 out of 5 stars

A new Apache Struts 2 vulnerability was published (S2-048) and PoC code exploiting it was publicly released. Read about how you can mitigate this vulnerability with the BIG-IP ASM.

Peter Silva
Updated 5 months ago by Peter Silva
5 out of 5 stars

Use F5’s Web Application Firewall (WAF) to protect web applications deployed in Microsoft Azure.

John Wagnon
Updated 5 months ago by John Wagnon
5 out of 5 stars

Learn how to assess your applications using ImmuniWeb and use the results to build a customized security policy in the BIG-IP ASM.

Nir Zigler
Updated 3/29/2017 by Nir Zigler
5 out of 5 stars

Today we are reminded that old software can include new and critical security findings. Microsoft IIS 6.0 on Windows Server 2003 R2 is vulnerable to a buffer overflow which leads to remote code execution. This is due to improper validation of the...

Have an ASM Question or Discussion Topic?

Answers

Apache Webserver
Updated 3 hours ago
By MSZ
0 votes

CVE - Signature ID
Updated 3 hours ago
By MSZ
0 votes

ASM traffic logs not updating in SIEM ARCsight
Updated 8 hours ago
0 votes

Exclude url ASM
Updated 22 hours ago
By Santi
0 votes

ASM TS cookie issue
Updated 22 hours ago
By Spela
0 votes