

Tags: article, security, adn, news, techtip | October 24, 2012 by Josh Michaels
Situation: Acme Corp is running at Mach 3, preparing to release the latest and greatest widget site of awesomeness. The monkeys are ready, the bananas are ordered and the roller-skates are en route. In the first chapter of “Security is hard”, we performed the design gathering and white boarding. With the data we gathered from meeting with the development team, we were able to draft out a good plan for securely providing the accesses and resources the business ...
Tags: article, security, adn, asm, news, techtip | August 16, 2012 by Josh Michaels
ASM Bypass… what you thinking, Fool? I just spent all this time tuning my ASM, turning it into a lean, mean, securing machine… And now you want me to put in a bypass?? Initial response: WHY oh why do you do this to me? I’m just a poor security primate trying to make sure we don’t get pwn’d by every script kiddie and 1337 out there on the net. It’s hard enough to do that without having my own co-workers trying to open more holes in the perimeter. I mean serio...
Welcome to the future! Hoverboards for all, new clear cola, skateboarding monkeys, and integrated WAF scanners! Ok, so clear cola was kind of a flop, the monkeys have advanced to writing TCL, and I am still wait...
Tags: article, security, adn, news, techtip | May 02, 2012 by Josh Michaels
->Part of the F5/OWASP Top Ten Series. Number two on the OWASP list is Cross Site Scripting (XSS). Their definition is “XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation and escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.” What’s that mean? Simply...
->Part of the F5/OWASP Top Ten Series. At the top of the OWASP list is Injection. Their definition is “Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.” Long story short, it is allowing unsanitized input into a program field that has the potential for ex...
Everyone is familiar with the OWASP Top 10. Below, you will find some notes on the Top 10, as well as ways to mitigate these potential threats to your environment. You can also download the PDF format by clicking the blankie. This is the first in a series that will cover the attack vectors and how to apply the protection methods. ...
Introduction: Virtually every dynamic site on the Internet these days makes use of a CAPTCHA in some fashion. A CAPTCHA is used to verify that a human is driving the interaction with a particular function on a site. A CAPTCHA in its simplest form involves an end-user copying the text from an image to a text field. If the user-entered text matches that of the image, the user is allowed access to the requested resource. Variations to the classic CAPTCHA can involve doing simple math, solving...
Tags: article, big-ip, isv, news, techtip | January 12, 2012 by Joe Pruitt
The Problem: HTML web forms are a mechanism for someone to build a web page that allows a user to send data to a server for processing. Users can fill out the forms with elements such as checkboxes, radio buttons, or text fields. When a user clicks the associated “Submit” button, the data they entered into the form is sent to the server for processing. This is where the issue arises. Most form processing components are not smart enough to know where or how the data was sent to...