Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology

Articles

Sort results

Inside Look: BIG-IP ASM Botnet and Web Scraping Protection

I hang with WW Security architect Corey Marshall to get an inside look at the Botnet detection and Web scraping protection in BIG-IP ASM. LimelightPlayerUtil.initEmbed('limelight_player_846028');   ps Related: F5's YouTube... Read more
1 Review

Oracle OpenWorld 2012: BIG-IP ASM and Oracle Database Firewall Integration

I meet with F5 Business Development Solution Architect, Chris Akker to show the BIG-IP ASM integration with Oracle's Database Firewall. A layered, defense-in-depth approach along with the contextual information needed for digital forensic... Read more
0 Reviews

Vulnerability Assessment with Application Security

The longer an application remains vulnerable, the more likely it is to be compromised. Protecting web applications is an around-the-clock job. Almost anything that is connected to the Internet is a target these days, and organizations are... Read more
0 Reviews

F5 Case Study: WhiteHat Security

Founder & CTO of WhiteHat Security, Jeremiah Grossman talks about the F5/WhiteHat partnership, the benefits of the WhiteHat Sentinel & BIG-IP ASM integration, the sophistication level of some of the recent attacks/breaches reported in the... Read more
0 Reviews

F5 Friday: Zero-Day Apache Exploit? Zero-Problem

#infosec A recently discovered 0-day Apache exploit is no problem for BIG-IP. Here’s a couple of different options using F5 solutions to secure your site against it. It’s called “Apache Killer” and it’s yet another example of exploiting not a... Read more
0 Reviews

F5 Friday: If Only the Odds of a Security Breach were the Same as Being Hit by Lightning

#v11 AJAX, JSON and an ever increasing web application spread increase the odds of succumbing to a breach. BIG-IP ASM v11 reduces those odds, making it more likely you’ll win at the security table When we use analogy often enough it becomes... Read more
0 Reviews

Security in the Cloud. Developers, About Face!

There is a theory in traditional military strategy that goes something along the lines of “take land, consolidate your gains, take more land…” von Moltke the Elder found this theory so profound that he suggested a defender could trade land fo... Read more
0 Reviews

Window Coverings and Security

Note: While talking about this post with Lori during a break, it occurred to me that you might be thinking I meant “MS Windows”. Not this time, but that gives me another blog idea… And I’ll sneak in the windows –> Windows simile somewhere, no... Read more
0 Reviews

F5 Friday: Expected Behavior is not Necessarily Acceptable Behavior

Sometimes vulnerabilities are simply the result of a protocol design decision, but that doesn’t make it any less a vulnerability An article discussing a new attack on social networking applications that effectively provides an opening through... Read more
0 Reviews

F5 Friday: Two Heads are Better Than One

Detecting attacks is good, being able to do something about it is better. F5 and Oracle take their collaborative relationship even further into the data center, integrating web application and database firewall solutions to improve protection... Read more
0 Reviews

How To Limit URI Length Without Recompiling Apache

Use network-side scripting, of course! While just about every developer and information security professional knows that a buffer-overflow exploit can result in the execution of malicious code not many truly grok the “why”. Fortunately, it’s not... Read more
0 Reviews

F5 Friday: It is now safe to enable File Upload

Web 2.0 is about sharing content – user generated content. How do you enable that kind of collaboration without opening yourself up to the risk of infection? Turns out developers and administrators have a couple options… The goal of many a... Read more
1 Review

Defeating Attacks Easier Than Detecting Them

Defeating modern attacks – even distributed ones – isn’t the problem. The problem is detecting them in the first place. Last week researchers claimed they’ve discovered a way to exploit a basic security flaw that’s used in software that’s in... Read more
0 Reviews

Out, Damn’d Bot! Out, I Say!

Exorcising your digital demons Most people are familiar with Shakespeare’s The Tragedy of Macbeth. Of particularly common usage is the famous line uttered repeatedly by Lady Macbeth, “Out, damn’d spot! Out, I say” as she tries to wash imaginary... Read more
0 Reviews

Are You Scrubbing the Twitter Stream on Your Web Site?

Never never trust content from a user, even if that user is another application. Web 2.0 is as much about integration as it is interactivity. Thus it’s no surprise that an increasing number of organizations are including a feed of their recent... Read more
0 Reviews

Are You Scrubbing the Twitter Stream on Your Web Site?

Never never trust content from a user, even if that user is another application. Web 2.0 is as much about integration as it is interactivity. Thus it’s no surprise that an increasing number of organizations are including a feed of their recent... Read more
0 Reviews

Why Is Reusable Code So Hard to Secure?

Being an efficient developer often means abstracting functionality such that a single function can be applied to a variety of uses across an application. Even as this decreases risk of errors, time to develop, and the attack surface necessary to... Read more
0 Reviews

No Shirt, No Shoes, No HTTP Service

Using Anonymous Human Authentication to prevent illegitimate access to sites, services, and applications. In the “real world” there are generally accepted standards set for access to a business and its services. One of the most common standards... Read more
0 Reviews

The Application Delivery Spell Book: Detect Invisible (Application) Stalkers

The long, lost application delivery spell compendium has been found! Its once hidden, arcane knowledge is slowly being translated for the good of all web applications. Luckily, you don’t have to be Elminster or Gandalf or to cast this spell ov... Read more
0 Reviews

When Is More Important Than Where in Web Application Security

While you spend your time arguing over where application security belongs, miscreants are taking advantage of vulnerabilities. By the time you address the problem, they’ve moved on to the next one. Dmitry Evteev @ Positive Technologies Research... Read more
0 Reviews

Twitter Account Lockouts Continue to Plague Users

Brute force attacks by spammers seeking easy access causing frustration for users with no resolution in sight At least once a day I see someone on Twitter broadcast that they have been “locked out of their Twitter account, temporarily.” A search... Read more
0 Reviews

Excuse Me But Is That a Gazebo On Your Site?!

There are few things in reality that can match The Gazebo in its ability to evoke fear and suspicion amongst gamers. The links on your web site may be one of them. In the history of Dungeons and Dragons there exists the urban legend known to... Read more
0 Reviews

Web Application Security at the Edge is More Efficient Than In the Application

If one of the drivers for moving to cloud-based applications is reducing costs, you should think twice about the placement of application security solutions. There’s almost no way to avoid an argument on this subject so I won’t tiptoe around it:... Read more
1 Review

Log Files Do Not Improve Security

Logs are for auditing, accountability, and tracking down offenders – not for providing real-time security A new law signed into effect in February 2009 requires that health care providers and organizations subject to HIPAA notify affected... Read more
0 Reviews

Rip and Replace Won’t Solve Twitter’s (Or Your) Security Problems

The “replace” in “rip and replace” essentially means getting rid of old security problems and replacing them with new ones. Twittergate is (thankfully) behind us but it’s almost assuredly going to be the case that we’ll be rehashing this one for... Read more
0 Reviews