Articles

Getting In Shape For Summer With BIG-IP Per App Virtual Edition

What happens when you cross a developer with a fitness instructor? You get BIG-IP Per App VE. DevCentral discusses the new per-App instance of BIG-IP providing LTM and WAF functionality wherever your applications reside. Read more
1 Review

Directory Traversal with Spring MVC on Windows (CVE-2018-1271)

Recently, a directory traversal vulnerability in the Spring Framework was published (CVE-2018-1271). The Spring application will only be vulnerable when it is deployed on a Microsoft Windows-based operating system and the application developer uses... Read more
0 Reviews

Remote Code Execution with Spring Data Commons (CVE-2018-1273)

In recent days, another critical vulnerability in the Spring Framework was published (CVE-2018-1273). This time the vulnerable component is Spring Data Commons. The goal of the Spring Data component is to provide a common API for accessing NoSQL and... Read more
0 Reviews

Lightboard Lessons: What is a Web Application Firewall (WAF)?

Traditional network firewalls (Layer 3-4) do a great job preventing outsiders from accessing internal networks. But, these firewalls offer little to no support in the protection of application layer traffic... Read more
1 Review

Spring Framework Spring-Messaging Remote Code Execution (CVE-2018-1270 / CVE-2018-1275)

In recent days, a critical vulnerability in the Spring Framework was published. The vulnerable component is Spring-Messaging, which is the Spring implementation of WebSockets. Spring-Messaging uses the STOMP messaging protocol as the subprotocol for... Read more
0 Reviews

Methods to attach ASM policy to virtual server via REST API requests

Understand different ways to attach ASM security policies to a BIG-IP virtual server with DevCentral. Read more
0 Reviews

Jackson-Databind - A Story of Blacklisting Java Deserialization Gadgets

Jackson is a popular library for parsing JSON documents in Java. Jackson-Databind is a module of the Jackson library that allows automatic transformation from JSON to Java objects and vice versa. In June 2017, an unsafe deserialization... Read more
0 Reviews

Drupal Core SA-CORE-2018-002 Remote Code Execution Vulnerability

The Drupal community woke up to a worrisome morning with the SA-CORE-2018-002 security advisory. The highly critical advisory describes a remote code execution vulnerability applicable to multiple Drupal core subsystems. The vulnerability... Read more
0 Reviews

Protect your AWS API Gateway with F5 BIG-IP WAF

This article will help you deploy an F5 BIG-IP WAF in front of your AWS API Gateway to provide additional security. It shows how to deploy a basic WAF policy to protect your API Gateway, and you can expand from there to add Denial of Service or... Read more
Average Rating: 4.9
7 Reviews

New BIG-IP ASM v13.1.0.1 Drupal 8 Ready Template

Drupal 8 ASM Template for BIG-IP v13.x Read more
0 Reviews

Jenkins Unsafe Deserialization Vulnerability (CVE-2017-1000353)

Jenkins is an open source automation server which can be used to automate all sorts of tasks related to building, testing, and delivering or deploying software. In April 2017, Jenkins published a security advisory that revealed an unsafe... Read more
0 Reviews

The Top Ten Hardcore F5 Security Features in BIG-IP 13!

David Holmes, Skymall's runner-up for sexiest man over 55, reveals the ten most hardcore security features in versions 13.0 and 13.1. You don't want to miss this one. Read more
Average Rating: 4.9
8 Reviews

New BIG-IP ASM v13.1.0.1 Outlook Web Access (OWA) 2016 template

Updated ASM Outlook Web Access (OWA) 2016 template for BIG-IP version 13.x Read more
0 Reviews

Meltdown and Spectre Web Application Risk Management

The recently disclosed groundbreaking vulnerabilities have set a precedent for how massive a security vulnerability can be. In recent years, we have witnessed vulnerabilities that affect major frameworks like Java, PHP, OpenSSL and CGI... Read more
2 Reviews

JBoss Arbitrary code execution via unrestricted deserialization in ReadOnlyAccessFilter (CVE-2017-12149)

In late August 2017, Red Hat published a security advisory regarding an arbitrary code execution vulnerability in JBoss, and recently a proof-of-concept exploit was publicly released. This vulnerability is added to the long list of unsafe... Read more
0 Reviews

Oracle WebLogic WLS Security Component Remote Code Execution (CVE-2017-10271)

In October 2017, Oracle published a vulnerability concerning Oracle WebLogic and assigned CVE-2017-10271 to it. No public information regarding this vulnerability was available until a few days ago, when an analysis of the... Read more
2 Reviews

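Addressing the OWASP Top 10 with BIG-IP ASM - 2017 Edition

Now that the official 2017 edition of the OWASP Top 10 has been released, I would like to give an overview of how far the WAF functionality of BIG-IP ASM can address it. Read more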
0 Reviews

Jackson-Databind Unsafe Unserialization Remote Code Execution (CVE-2017-7525, CVE-2017-15095)

Recently a new vulnerability in Jackson, a popular Java library used for parsing JSON, was published and assigned CVE-2017-7525. The Jackson-databind package allows programmers to construct Java objects out of JSON documents, and as we have... Read more
1 Review

The OWASP Top 10 - 2017 vs. BIG-IP ASM

With the release of the new 2017 Edition of the OWASP Top 10, we wanted to give a quick rundown of how BIG-IP ASM can mitigate these vulnerabilities. First, here's how the 2013 edition compares to 2017. And how BIG-IP ASM mitigates the... Read more
1 Review

Mitigate L7 DDoS with BIG-IP ASM

Today, let’s look at a couple ways to mitigate a DDoS attack with BIG-IP ASM. We’ve logged into a BIG-IP ASM and navigated to Security>DDoS Protection>DDoS Profiles. In the General Settings of Application Security, we’ll activate an... Read more
1 Review

Post of the Week: Blocking a Specific URI

In this "Post of the Week" video, we show how to block a specific URI using a custom ASM signature and an iRule. Read more
0 Reviews

Oracle Identity Manager Remote Hijack Vulnerability (CVE-2017-10151)

Last week, Oracle released an out-of-cycle security advisory (CVE-2017-10151) for a vulnerability which affects Oracle Identity Manager. The vulnerability allows attackers to access Oracle Identity Manager using a built-in account... Read more
0 Reviews

Lightboard Lessons: Credential Stuffing

The essence of the Credential Stuffing problem centers around the fact that lots and lots of user credentials have been stolen from many different places. An attacker will take stolen credentials from one place and try to "stuff" them into another Read more
1 Review

Joomla LDAP Injection Vulnerability (CVE-2017-14596)

In recent days, a new vulnerability in Joomla has been published (CVE-2017-14596). The vulnerability concerns Joomla installations which have Joomla’s LDAP plugin installed and are using it to authenticate the system’s users. The vulnerability... Read more
0 Reviews