Introduction iRules are a powerful tool in the F5 administrators arsenal. They allow administrators to adapt and customize the F5 to their needs. They provide extensive power for security engineers as well. We’ve decided it’s time to revisi... Read more

Introduction iRules are a powerful tool in the F5 administrators arsenal. They allow administrators to adapt and customize the F5 to their needs.  They provide extensive power for security engineers as well. We’ve decided it’s tim... Read more

SyntaxHighlighter.all();Two-factor authentication (hereafter 2FA) has been a staple in enterprise VPN environments for quite some time, but it is really taking off in the web application space now as well with services riding on smart phones like... Read more

In my first article in this series, I discussed web scraping -- what it is, why people do it, and why it could be harmful.  My second article outlined the details of bot detection and how the ASM blocks against these pesky littl... Read more

In my last article, I discussed the issue of web scraping and why it could be a problem for many individuals and/or companies.  In this article, we will dive into some of the technical details regarding bots and how the BIG-IP Application... Read more

Web Scraping Defined   We've all heard the term "web scraping" but what is this thing and why should we really care about it?  Web scraping refers to an application that is programmed to simulate human web surfing b... Read more

DevCentral uses WhiteHat Security's Sentinel service in our application development lifecycle as well as for production compliance. Beyond the direct benefits of improving our SDLC practices and reducing our window of exposure, F... Read more

Introduction What is a YubiKey? The YubiKey is an innovative USB-key that simplifies the process of logging in with strong two factor authentication. With a simple touch on the device, it generates a One-Time Password (OTP) on any compute... Read more

Introduction iRules are a powerful tool in the F5 administrators arsenal. They allow administrators to adapt and customize the F5 to their needs. They provide extensive power for security engineers as well. We’ve decided it’s time to revisit... Read more

Introduction iRules are a powerful tool in the F5 administrators arsenal. They allow administrators to adapt and customize the F5 to their needs.  They provide extensive power for security engineers as well. We’ve decided it’s ti... Read more

Most of us have been using hardware or software token to prove identity and to provide Two-Factor Authentication, either commercial and free. Google Authenticator is the first choice for mobile 2FA, because it's free and it runs on Smartphon... Read more

Situation:  Acme Corp is running at Mach 3, preparing to release the latest and greatest widget site of awesomeness.  The monkeys are ready, the bananas are ordered and the roller-skates on en route. In the first chapt... Read more

Sorry, I’ve been monkeying around on the twitter birds, following one of my favorites, SecurityHulk. https://twitter.com/securityhulk Follow, read, laugh, cry, and ponder the Green Wisdom.   Anywho, todays fun to be had is SSH.&#16... Read more

DNS is inherently insecure and exposed. F5 customers have been seeing a spate of DNS attacks and DNS denial of service lately, and I thought it would be a good idea to analyze a few of the common attack vectors, and ways F5s GTM, or LTM DNS... Read more

I love the fact that the ASM has so many pre-built attack signatures. The ASM engineers do a fantastic job at responding to new issues and getting fresh signatures out to help defend our networks. But, sometimes I am not a patient monk... Read more

So, I was having lunch with my buddy Byron, who is a fantabulous Sales Engineer here at F5. I know, the world sales sends shivers down my spine to, but trust me, he’s a sharp engineer.  We do what most co-workers do at lunch, comp... Read more

Access systems are messy. Wait, let me rephrase that, Poorly planned access systems are messy.  We’ve all seen it happen a thousand times. Someone comes r... Read more

ASM Bypass…  what you thinking Fool?  I just spent all this time tuning my ASM, turning it into a lean, mean, securing machine…  And now you want me to put in a bypass??  Ini... Read more

Situation:  New website needed for Acme Corporation. The business team has decided we need more widget sales. The web team has promised more sales if they c... Read more

We are currently installing an Edge Gateway in our network and we use RSA Soft Tokens for authentication.  We were looking for the browser plug-in option like there is on the firepass device and couldn't find it.  I have summited an... Read more

Welcome to the future!  Hoverboards for all,  new clear cola, skateboarding monkeys, and integrat... Read more

If you survived reading FIPS 140-2 and You!  Then it may have left you with inevitable set of questions. I have my F5. It has a FIPs HSM (Hardwa... Read more

FIPS 140-2 and you? FIPS.. the final frontier. These are the voyages of the Business Enterprise. To boldly send traffic where no one has sent before. To much? Perhaps, FIPS! The eternal pain in the butt? Whatever your opinion of FIPS 140-2, it’... Read more

Security is a top level priority in nearly every IT infrastructure these days. Whether it's keeping server patching up to date, putting in place hardened firewalls, password security models, denial of service prevention or any of the other... Read more

The bogeyman, the monster under the bed, the creature lurking in the darkness waiting to pounce…  That’s what it feels like we have made Denial of Service attacks o... Read more