Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology

Articles

Sort results

APAC market research points to WAF being integrated with application delivery

We entered 2014 on a fillip. Frost & Sullivan had just named us the vendor leading WAF market in Asia Pacific and Japan. The Frost Industry Quotient, put F5 and nine other companies under their analytical magnifying glass, examining our mark... Read more
0 Reviews

F5 Friday: Expected Behavior is not Necessarily Acceptable Behavior

Sometimes vulnerabilities are simply the result of a protocol design decision, but that doesn’t make it any less a vulnerability An article discussing a new attack on social networking applications that effectively provides an opening through... Read more
0 Reviews

F5 Friday: Two Heads are Better Than One

Detecting attacks is good, being able to do something about it is better. F5 and Oracle take their collaborative relationship even further into the data center, integrating web application and database firewall solutions to improve protection... Read more
0 Reviews

F5 Friday: Multi-Layer Security for Multi-Layer Attacks

Modern DoS attacks are distributed, diverse and cross the chasm that divides network components from application infrastructure. A unified application delivery platform with multi-layer visibility is the best way to detect and mitigate multi-layer... Read more
0 Reviews

What We Learned from Anonymous: DDoS is now 3DoS

It’s not just that attacks are distributed, but that attacks are also diverse in nature – up and down the stack, at the same time. If Anonymous has taught us anything it’s that the future of information security is in fending off attacks across... Read more
0 Reviews

Are You Scrubbing the Twitter Stream on Your Web Site?

Never never trust content from a user, even if that user is another application. Web 2.0 is as much about integration as it is interactivity. Thus it’s no surprise that an increasing number of organizations are including a feed of their recent... Read more
0 Reviews

Are You Scrubbing the Twitter Stream on Your Web Site?

Never never trust content from a user, even if that user is another application. Web 2.0 is as much about integration as it is interactivity. Thus it’s no surprise that an increasing number of organizations are including a feed of their recent... Read more
0 Reviews

No Shirt, No Shoes, No HTTP Service

Using Anonymous Human Authentication to prevent illegitimate access to sites, services, and applications. In the “real world” there are generally accepted standards set for access to a business and its services. One of the most common standards... Read more
0 Reviews

When Is More Important Than Where in Web Application Security

While you spend your time arguing over where application security belongs, miscreants are taking advantage of vulnerabilities. By the time you address the problem, they’ve moved on to the next one. Dmitry Evteev @ Positive Technologies Research... Read more
0 Reviews

Twitter Account Lockouts Continue to Plague Users

Brute force attacks by spammers seeking easy access causing frustration for users with no resolution in sight At least once a day I see someone on Twitter broadcast that they have been “locked out of their Twitter account, temporarily.” A search... Read more
0 Reviews

Web Application Security at the Edge is More Efficient Than In the Application

If one of the drivers for moving to cloud-based applications is reducing costs, you should think twice about the placement of application security solutions. There’s almost no way to avoid an argument on this subject so I won’t tiptoe around it:... Read more
1 Review

I am in your HTTP headers, attacking your application

Zero-day IE exploits and general mass SQL injection attacks often overshadow potentially more dangerous exploits targeting lesser known applications and attack vectors. These exploits are potentially more dangerous because once proven through a... Read more
0 Reviews

3 reasons you need a WAF even if your code is (you think) secure

Everyone is buzzing and tweeting about the SANS Institute CWE/SANS Top 25 Most Dangerous Programming Errors, many heralding its release as the dawning of a new age in secure software. Indeed, it's already changing purchasing requirements.... Read more
0 Reviews

Security is not a luxury item

In the face of a recession everyone, individuals and organizations alike, begin scaling back spending. The first thing to go is luxury items; after all, you probably didn't need that big screen TV for Christmas, and the kids will likely be... Read more
0 Reviews

Which security strategy takes more time: configuration or coding?

One of the arguments against the deployment of web application firewalls (WAF) is that it takes time to configure these devices to fit each individual environment. This is allegedly one of the reasons that secure coding is preferred over security... Read more
0 Reviews

You're Doing It Wrong

Don and I were discussing security as a service and, as usual, he spouted off some wisdom in the form of an analogy that was too good to not to share. When you're walking down the street with your entourage and an angry, I mean really angr... Read more
0 Reviews

The Unpossible Task of Eliminating Risk

An ant named Archimedes is in a hole 6' deep. He climbs half the distance to the top every hour. How long does it take for him to escape the hole? Trick question. He can never, mathematically, escape. Realistically, we know that when... Read more
0 Reviews

4 reasons not to use mod_security

Apache is a great web server if for no other reason than it offers more flexibility through modules than just about any other web server. You can plug-in all sorts of modules to enhance the functionality of Apache. But as I often say, just because... Read more
0 Reviews

If this report doesn't scare you, nothing will

Verizon Business recently released its 2008 Data Breach Investigations Report, covering more than 500 different security breach incidents occurring in the past four years. It's a fascinating read and should be mandatory for business and IT... Read more
0 Reviews

PCI DSS Deadline Looming Large While Debate Continues - WAF vs VA

According to a recent ComputerWorld article, most retailers aren't ready for the forthcoming June deadline for PCI DSS compliance. From ComputerWorld :: Few expected to make June 30 PCI deadline for Web application securityMost retailers will... Read more
0 Reviews

(Security) Thunder from Down Under

This is an interesting article from Network World about how CIOs in Australia and New Zealand perceive security as being easier than reducing costs. The IDC Annual Forecast for Management report surveyed 363 IT executives from Australia (254... Read more
0 Reviews

WhiteHat + F5: "The Future Now"

You may have heard earlier this month that F5 Networks & WhiteHat Security have partnered to provide dynamic web application firewall security via an unprecedented combination of proactive vulnerability identification & dynamic... Read more
0 Reviews