Articles

Lightboard Lessons: Credential Stuffing

The essence of the Credential Stuffing problem centers around the fact that lots and lots of user credentials have been stolen from many different places. An attacker will take stolen credentials from one place and try to "stuff" them into another

Joomla LDAP Injection Vulnerability (CVE-2017-14596)

In the recent days, a new vulnerability in Joomla has been published (CVE-2017-14596). The vulnerability concerns Joomla installations which have Joomla’s LDAP plugin installed and are using it to authenticate the system’s users. The vulnerability...

Apache Tomcat Remote Code Execution via JSP upload (CVE-2017-12615 / CVE-2017-12617)

In the recent days, a new vulnerability in Apache Tomcat has been published (CVE-2017-12615). The vulnerability allows attackers to upload arbitrary files to the Tomcat application server by utilizing the HTTP PUT method. By uploading a .JSP file...

Nessus 6 XSLT Conversion for ASM Generic Scanner Import

Nessus 6 XSLT Conversion for ASM Generic Scanner Schema Import

Apache Struts 2 FreeMarker tag Remote Code Execution (CVE-2017-12611)

In the recent days, another 0-day remote code execution vulnerability in Apache Struts 2 has been published (CVE-2017-12611). This time the vulnerability’s root cause is not stemming from a bug in the Struts 2 framework, but a feature of the...

Apache Struts 2 REST plugin Remote Code Execution (CVE-2017-9805)

In the recent days, a new critical Apache Struts 2 vulnerability was announced which allows remote attackers to execute arbitrary commands on the server. The original post (S2-052) has not published exploit details yet, most probably to allow...

PHP Serialized Object Vulnerabilities

Object serialization has always been a tricky subject. Using serialization as a design pattern can lead to catastrophic consequences such as remote code execution when user input isn't properly validated.

Lightboard Lessons: BIG-IP ASM Layered Policies

In this Lightboard Lesson, I light up some use cases for BIG-IP ASM Layered Policies available in BIG-IP v13. With Parent and Child policies, you can: Impose mandatory policy elements on multiple policies; Create multiple policies with baseline...

Realizing value from a WAF in front of your application- Part 2

Part 2 in the series of Realizing value from a WAF. In this article, learn how BIG-IP ASM can block 0-day attacks.

Apache Struts 2 Showcase Remote Code Execution (CVE-2017-9791)

A new Apache Struts 2 vulnerability was published (S2-048) and PoC code exploiting it was publicly released. Read about how you can mitigate this vulnerability with the BIG-IP ASM.

Realizing value from a WAF in front of your application - Part 1

Implement strong and effective application security measures by deploying a Web Application Firewall (WAF) in front of your web applications.

Updating an Auto-Scaled BIG-IP VE WAF in AWS

Updating an Auto-Scaled BIG-IP VE WAF in AWS while continuing to process application traffic.

Deploying F5’s Web Application Firewall in Microsoft Azure Security Center

Use F5’s Web Application Firewall (WAF) to protect web applications deployed in Microsoft Azure.

BIG-IP ASM Integration with ImmuniWeb

Learn how to assess your applications using ImmuniWeb and use the results to build a customized security policy in the BIG-IP ASM.

IIS 6.0 WebDAV Buffer Overflow

Today we are reminded that old software can include new and critical security findings. Microsoft IIS 6.0 on Windows Server 2003 R2 is vulnerable to a buffer overflow which leads to remote code execution. This is due to improper validation of the...

Proactive Bot Defense Using BIG-IP ASM

Bot activity is something that needs to be monitored and controlled. On one hand, you want the good bots to access your site, but on the other hand you want the bad ones to stay away. The question is, “how do you know the difference?” And the unfortunate answer for many organizations is: “I have no idea.”

Drupal 7.X Services Module Unserialize Vulnerability

An advisory has been published regarding a critical 0-day unauthenticated RCE (Remote Code Execution) vulnerability in the Drupal System. Drupal is a free and open source content-management framework written in PHP, and it provides a back-end...

Apache Struts Remote Code Execution Vulnerability (CVE-2017-5638)

An advisory has been published regarding a critical 0-day Remote Code Execution vulnerability in Apache Struts. The vulnerability resides in the Apache Jakarta multipart parser and is triggered when it tries to parse the Content-Type header of the...

Security Trends in 2016: Defending DDoS Attacks

Distributed Denial of Service (DDoS) attacks were huge in 2016, and they will likely be a tough nemesis again in 2017…and beyond! With all the excitement and trepidation surrounding these attacks, it’s important to know how to defend against...

WordPress REST API Vulnerability: Violating Security’s Rule Zero

It's an API economy. If you don't have an API you're already behind. APIs are the fuel driving organizations' digital transformation. We've all heard something similar to these phrases in the past few years. And while they look...

WordPress Content Injection Vulnerability - ASM Mitigation

Last week, a critical vulnerability was detected in WordPress 4.7 by Sucuri researchers: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html The vulnerability allows unauthenticated attackers to change the...

The BIG-IP Application Security Manager Part 1: What is the ASM?

F5's BIG-IP Application Security Manager (ASM) is a layer 7 web application firewall (WAF) available on BIG-IP platforms.

Cross Site Scripting (XSS) Exploit Paths

Web application threats continue to cause serious security issues for large corporations and small businesses alike. In 2016, even the smallest, local family businesses have a Web presence, and it is important to understand the potential...

Mitigating “Sentry MBA” - Credentials Stuffing Threat

The “credentials stuffing” attack technique has become a very popular way to brute-force user accounts through web applications’ login pages. Instead of trying to guess a certain user’s password from a generated word list (a.k.a. “dictionary”),...

PHP 7 Unserialize Mechanism 0-days

Recently, researchers at Check Point uncovered 3 new, previously unknown vulnerabilities in the new version of PHP. CVE-2016-7479 and CVE-2016-7480 could let attackers take full control of the target server, while...