Articles

ThinkPHP 5.x Remote Code Execution Vulnerability

ThinkPHP is an open source PHP development framework for agile web application development. Recently, an unauthenticated remote code execution vulnerability was discovered in ThinkPHP... Read more
0 Reviews

Syncing ASM WAF Policies Between F5 BIG-IP's in Different Datacenters or Cloud Regions

Not too long ago, a question in one of my tech talks came up regarding how F5 syncs ASM policies between devices that may not be a part of the same HA Pair. The question derived from experience with another vendor in which policies would not... Read more
0 Reviews

Kubernetes Privilege Escalation Vulnerability - ASM Mitigation

A bug in the Kubernetes platform has been disclosed this week by its developers. The bug has been marked as a critical vulnerability with a 9.8 CVSS score and assigned CVE-2018-1002105. Read more
0 Reviews

Block Known Threats Using F5's IP Intelligence Service

If you are not familiar with F5's IP Intelligence capability, it is an add-on service that integrates with both the Advanced Firewall Manager and Application Security Manager. Steve Lyons covers how IP Intelligence can help you. Read more
1 Review

WordPress + WooCommerce Plugin Design Flaw to RCE

Earlier this month (November 2018), RIPS Technologies blogged about a design flaw within WordPress that allows privilege escalation. WordPress is one of the most commonly used Content Management Systems (CMS) and is used by over 32% of the... Read more
2 Reviews

RichFaces Framework 3.X Expression Language (EL) Injection (CVE-2018-14667)

Recently, a new vulnerability in the RichFaces framework was discovered and was assigned CVE-2018-14667. RichFaces is one of the libraries that implement the JavaServer Faces (JSF) specification, which is the Java standard for building... Read more
0 Reviews

Integrating OPSWAT MetaDefender with F5 Advanced WAF & BIG-IP ASM

F5 has teamed up with OPSWAT to allow for comprehensive content analysis and sanitization. These capabilities include thorough malware scanning using over 30 leading anti-malware engines as well as Content Disarm and Reconstruction services... Read more
Average Rating: 4.9
3 Reviews

Lightboard Lessons: The Apache Struts 2 Remote Code Execution Vulnerability

The Apache Struts 2 framework is used extensively to build web applications.  This framework has also been the victim of several vulnerabilities that dramatically affect users all over the world... Read more
0 Reviews

Apache Struts 2 Namespace Evaluation Remote Code Execution (CVE-2018-11776 / S2-057)

In recent days, a new Apache Struts 2 Remote Code Execution vulnerability was announced (S2-057) and CVE-2018-11776 was allocated. At the moment, there is no public Proof of Concept exploit available. For a Struts 2 application to be... Read more
2 Reviews

Oracle Periodically Security Update – Mitigating with ASM

Recently, Oracle published its periodic security advisory. The advisory contains fixes for 334 CVEs, 231 of which are exploitable over the HTTP protocol. Oracle tends not to publicly disclose details related to the attack vectors of the... Read more
0 Reviews

New BIG-IP ASM v13 WordPress v4.9 Ready Template

F5 has created a specialized ASM template to simplify the configuration process of WordPress v4.9 with the new version of BIG-IP 13.x. Click here to access the .zip file that contains the template: WordPress v4.9 ASM Template for BIG-IP... Read more
0 Reviews

New BIG-IP ASM v13 Drupal v8 Ready Template

ASM Ready Template update for Drupal v8 include Goal/Deployment steps Read more
0 Reviews

Remote Code Execution with Spring OAuth Extension (CVE-2018-1260)

Recently, a new Remote Code Execution vulnerability in Spring OAuth extension was published by Pivotal. The OAuth Protocol: OAuth is a protocol that supports authorization processes by enabling users to share their data and resources stored on... Read more
0 Reviews

AppSec Made Easy: Credential Protection

Learn how to use the F5 Advanced Web Application Firewall to protect your credentials. Identities are the keys to our applications and criminals can steal them right from the browser. DataSafe protects the credentials at the most vulnerable point. Read more
1 Review

AppSec Made Easy: L7 Behavioral DoS

Learn how to use the F5 Advanced Web Application Firewall to easily implement Behavioral DoS protections for your application using dynamic signatures to reduce false positives and automate protection. Read more
1 Review

AppSec Made Easy: Anti-Bot for Mobile APIs

Learn how to use the F5 Advanced Web Application Firewall to easily lock down your applications so that bots can’t attack your mobile APIs. This video will show you the quick way to add anti-bot and other protections directly into your mobile app. Read more
Average Rating: 4.9
4 Reviews

AppSec Made Easy: Proactive Bot Defense

Learn how to use the F5 Advanced Web Application Firewall to easily protect your applications against bots. Bots can be used as tools for a variety of attacks such as DoS, credential stuffing and brute force, or web scraping. Read more
Average Rating: 4.7
3 Reviews

Drupal Core Remote Code Execution (CVE-2018-7602)

A new critical Remote Code Execution vulnerability in Drupal core was published. This new vulnerability is similar to CVE-2018-7600, also known as “Drupalgeddon 2”. It was found that the sanitation function that was added to address the... Read more
0 Reviews

Getting In Shape For Summer With BIG-IP Per App Virtual Edition

What happens when you cross a developer with a fitness instructor? You get BIG-IP Per App VE. DevCentral discusses the new per-App instance of BIG-IP providing LTM and WAF functionality wherever your applications reside. Read more
1 Review

Directory Traversal with Spring MVC on Windows (CVE-2018-1271)

Recently a directory traversal vulnerability in the Spring Framework was published (CVE-2018-1271). The Spring application will only be vulnerable when it is deployed on a Microsoft Windows based operating system and the application developer uses... Read more
0 Reviews

Remote Code Execution with Spring Data Commons (CVE-2018-1273)

In recent days, another critical vulnerability in Spring Framework was published (CVE-2018-1273). This time the vulnerable component is Spring Data Commons. The goal of the Spring Data component is to provide a common API for accessing NoSQL and... Read more
0 Reviews

Lightboard Lessons: What is a Web Application Firewall (WAF)?

Traditional network firewalls (Layer 3-4) do a great job preventing outsiders from accessing internal networks. But, these firewalls offer little to no support in the protection of application layer traffic... Read more
2 Reviews

Spring Framework Spring-Messaging Remote Code Execution (CVE-2018-1270 / CVE-2018-1275)

In recent days, a critical vulnerability in the Spring Framework was published. The vulnerable component is Spring-Messaging, which is the Spring implementation of WebSockets. Spring-Messaging uses the STOMP messaging protocol as the subprotocol for... Read more
0 Reviews

Methods to attach ASM policy to virtual server via REST API requests

Understand different ways to attach ASM security policies to a BIG-IP virtual server with DevCentral. Read more
0 Reviews

Jackson-Databind - A Story of Blacklisting Java Deserialization Gadgets

Jackson is a popular library for parsing JSON documents in Java. Jackson-Databind is a module of the Jackson library that allows automatic transformation from JSON to Java objects and vice versa. In June 2017, an unsafe deserialization... Read more
0 Reviews