Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters

Articles

Sort results

F5 Friday: Zero-Day Apache Exploit? Zero-Problem

#infosec A recently discovered 0-day Apache exploit is no problem for BIG-IP. Here’s a couple of different options using F5 solutions to secure your site against it. It’s called “Apache Killer” and it’s yet another example of exploiting not a... Read more
0 Reviews

How To Limit URI Length Without Recompiling Apache

Use network-side scripting, of course! While just about every developer and information security professional knows that a buffer-overflow exploit can result in the execution of malicious code not many truly grok the “why”. Fortunately, it’s not... Read more
0 Reviews

No Shirt, No Shoes, No HTTP Service

Using Anonymous Human Authentication to prevent illegitimate access to sites, services, and applications. In the “real world” there are generally accepted standards set for access to a business and its services. One of the most common standards... Read more
0 Reviews

Rip and Replace Won’t Solve Twitter’s (Or Your) Security Problems

The “replace” in “rip and replace” essentially means getting rid of old security problems and replacing them with new ones. Twittergate is (thankfully) behind us but it’s almost assuredly going to be the case that we’ll be rehashing this one for... Read more
0 Reviews

Ruby developers ignore security risks, claim X-JSON header ‘nothing serious’

Those who cannot remember the past are condemned to repeat it. George Santayana, The Life of Reason, Volume 1, 1905 US (Spanish-born) philosopher (1863 - 1952) This oft repeated quote needs to be tweaked just a bit to be more applicable to... Read more
0 Reviews

I am in your HTTP headers, attacking your application

Zero-day IE exploits and general mass SQL injection attacks often overshadow potentially more dangerous exploits targeting lesser known applications and attack vectors. These exploits are potentially more dangerous because once proven through a... Read more
0 Reviews

BusinessWeek takes viral advertising a little too seriously

Yesterday it was reported that BusinessWeek had been infected with malware via an SQL injection attack. [begin Mom lecture] Remember when we talked about PCI DSS being a good idea for everyone, even though... Read more
0 Reviews