Articles

Meltdown and Spectre Web Application Risk Management

The recently disclosed groundbreaking vulnerabilities have set a precedent for how massive a security vulnerability can be. In recent years, we have witnessed vulnerabilities that affect major frameworks like Java, PHP, OpenSSL and CGI... Read more
2 Reviews

JBoss Arbitrary code execution via unrestricted deserialization in ReadOnlyAccessFilter (CVE-2017-12149)

In late August 2017, Red Hat published a security advisory regarding an arbitrary code execution vulnerability in JBoss, and recently a proof-of-concept exploit was publicly released. This vulnerability is added to the long list of unsafe... Read more
0 Reviews

Oracle WebLogic WLS Security Component Remote Code Execution (CVE-2017-10271)

In October 2017, Oracle published a vulnerability concerning Oracle WebLogic and assigned CVE-2017-10271 to it. Since then, no public information regarding this vulnerability was available until a few days ago, when an analysis of the... Read more
2 Reviews

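Addressing the OWASP Top 10 with BIG-IP ASM - 2017 Edition

Now that the official 2017 edition of the OWASP Top 10 has been released, I would like to give an overview of how much of it the BIG-IP ASM WAF functionality can cover. Read more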
0 Reviews

Jackson-Databind Unsafe Unserialization Remote Code Execution (CVE-2017-7525, CVE-2017-15095)

Recently a new vulnerability in Jackson, a popular Java library used for parsing JSON, was published and assigned CVE-2017-7525. The Jackson-databind package allows programmers to construct Java objects out of JSON documents, and as we have... Read more
1 Review

The OWASP Top 10 - 2017 vs. BIG-IP ASM

With the release of the new 2017 Edition of the OWASP Top 10, we wanted to give a quick rundown of how BIG-IP ASM can mitigate these vulnerabilities. First, here's how the 2013 edition compares to 2017. And how BIG-IP ASM mitigates the... Read more
1 Review

Mitigate L7 DDoS with BIG-IP ASM

Today, let’s look at a couple ways to mitigate a DDoS attack with BIG-IP ASM. We’ve logged into a BIG-IP ASM and navigated to Security>DDoS Protection>DDoS Profiles. In the General Settings of Application Security, we’ll activate an... Read more
1 Review

Post of the Week: Blocking a Specific URI

In this "Post of the Week" video, we show how to block a specific URI using a custom ASM signature and an iRule. Read more
0 Reviews

Oracle Identity Manager Remote Hijack Vulnerability (CVE-2017-10151)

Last week, Oracle released an out-of-cycle security advisory (CVE-2017-10151) for a vulnerability that affects Oracle Identity Manager. The vulnerability allows attackers to access Oracle Identity Manager using a built-in account... Read more
0 Reviews

Lightboard Lessons: Credential Stuffing

The essence of the Credential Stuffing problem centers around the fact that lots and lots of user credentials have been stolen from many different places. An attacker will take stolen credentials from one place and try to "stuff" them into another Read more
1 Review

Joomla LDAP Injection Vulnerability (CVE-2017-14596)

In recent days, a new vulnerability in Joomla has been published (CVE-2017-14596). The vulnerability concerns Joomla installations which have Joomla’s LDAP plugin installed and are using it to authenticate the system’s users. The vulnerability... Read more
0 Reviews

Apache Tomcat Remote Code Execution via JSP upload (CVE-2017-12615 / CVE-2017-12617)

In recent days, a new vulnerability in Apache Tomcat has been published (CVE-2017-12615). The vulnerability allows attackers to upload arbitrary files to the Tomcat application server by utilizing the HTTP PUT method. By uploading a .JSP file... Read more
1 Review

Nessus 6 XSLT Conversion for ASM Generic Scanner Import

Nessus 6 XSLT Conversion for ASM Generic Scanner Schema Import Read more
Average Rating: 4.9
6 Reviews

Apache Struts 2 FreeMarker tag Remote Code Execution (CVE-2017-12611)

In recent days, another 0-day remote code execution vulnerability in Apache Struts 2 has been published (CVE-2017-12611). This time the vulnerability’s root cause does not stem from a bug in the Struts 2 framework, but a feature of the... Read more
2 Reviews

Apache Struts 2 REST plugin Remote Code Execution (CVE-2017-9805)

In recent days, a new critical Apache Struts 2 vulnerability was announced which allows remote attackers to execute arbitrary commands on the server. The original post (S2-052) has not published exploit details yet, most probably to allow... Read more
Average Rating: 4.7
4 Reviews

PHP Serialized Object Vulnerabilities

Object serialization has always been a tricky subject. Using serialization as a design pattern can always lead to catastrophic consequences such as remote code execution when user input isn't properly validated. Read more
0 Reviews

Lightboard Lessons: BIG-IP ASM Layered Policies

In this Lightboard Lesson, I light up some use cases for BIG-IP ASM Layered Policies available in BIG-IP v13. With Parent and Child policies, you can: Impose mandatory policy elements on multiple policies; Create multiple policies with baseline... Read more
2 Reviews

Realizing value from a WAF in front of your application - Part 2

Part 2 in the series of Realizing value from a WAF. In this article, learn how BIG-IP ASM can block 0-day attacks. Read more
2 Reviews

Apache Struts 2 Showcase Remote Code Execution (CVE-2017-9791)

A new Apache Struts 2 vulnerability was published (S2-048) and POC code exploiting it was publicly released. Read about how you can mitigate this vulnerability with the BIG-IP ASM. Read more
2 Reviews

Realizing value from a WAF in front of your application - Part 1

Implement strong and effective application security measures by deploying a Web Application Firewall (WAF) in front of your web applications. Read more
Average Rating: 4.5
7 Reviews

Updating an Auto-Scaled BIG-IP VE WAF in AWS

Updating an Auto-Scaled BIG-IP VE WAF in AWS while continuing to process application traffic. Read more
0 Reviews

Deploying F5’s Web Application Firewall in Microsoft Azure Security Center

Use F5’s Web Application Firewall (WAF) to protect web applications deployed in Microsoft Azure. Read more
1 Review

BIG-IP ASM Integration with ImmuniWeb

Learn how to assess your applications using ImmuniWeb and use the results to build a customized security policy in the BIG-IP ASM. Read more
1 Review

IIS 6.0 WebDAV Buffer Overflow

Today we are reminded that old software can include new and critical security findings. Microsoft IIS 6.0 on Windows Server 2003 R2 is vulnerable to a buffer overflow which leads to remote code execution. This is due to improper validation of the... Read more
1 Review

Proactive Bot Defense Using BIG-IP ASM

Bot activity is something that needs to be monitored and controlled. On one hand, you want the good bots to access your site, but on the other hand you want the bad ones to stay away. Read more
2 Reviews