Articles

Mobile versus Mobile: An Identity Crisis

#mobile The expansive options consumers revel in create an identity crisis for IT that is best resolved via context-aware mobile mediation. Back in the days of the browser wars, when standards were still largely ignored and the battle for the... Read more
0 Reviews

Who Took the Cookie from the Cookie Jar … and Did They Have Proper Consent?

Cookies as a service enabled via infrastructure services provide an opportunity to improve your operational posture. Fellow DevCentral blogger Robert Haynes posted a great look at a UK law regarding cookies. Back in May a new law went into... Read more
0 Reviews

F5 Friday: The Art of Efficient Defense

It’s not enough to have a strategic point of control; you’ve got to use it, too. One of the primary threats to the positive operational posture of an organization is that of extremely heavy load. Whether it’s from a concerted effort to take... Read more
0 Reviews

How To Limit URI Length Without Recompiling Apache

Use network-side scripting, of course! While just about every developer and information security professional knows that a buffer-overflow exploit can result in the execution of malicious code, not many truly grok the “why”. Fortunately, it’s not... Read more
0 Reviews

Six Lines of Code

The fallacy of security is that simplicity or availability of the solution has anything to do with time to resolution. The announcement of the discovery of a way in which an old vulnerability might be exploited gained a lot of attention because... Read more
0 Reviews

Out, Damn’d Bot! Out, I Say!

Exorcising your digital demons. Most people are familiar with Shakespeare’s The Tragedy of Macbeth. Of particularly common usage is the famous line uttered repeatedly by Lady Macbeth, “Out, damn’d spot! Out, I say” as she tries to wash imaginary... Read more
0 Reviews

Turning the Pushdo Bot Into the Push-oh-no-you-don’t Bot

Options to put a stop to the latest mutation of the Pushdo trojan. The Pushdo bot is a malevolent little beast that is nothing new to Infosec professionals. What might be new, however, is that it recently changed its code and now creates junk... Read more
0 Reviews

Extend Cross-Domain Request Security using Access-Control-Allow-Origin with Network-Side Scripting

The W3C specification now offers the means by which cross-origin AJAX requests can be achieved. Leveraging network and application network services in conjunction with application-specific logic improves security of allowing cross-domain requests... Read more
0 Reviews

How to Make mailto Safe Again

Using HTTP headers and default browser protocol handlers provides an opportunity to rediscover the usability and simplicity of the mailto protocol. Over the last decade it's become unsafe to use the mailto protocol on a website due to e-mail... Read more
0 Reviews

The Application Delivery Spell Book: Contingency

The long, lost application delivery spell compendium has been found! Its once hidden, arcane knowledge is slowly being translated for the good of all web applications. Luckily, you don’t have to be Elminster or Gandalf or to cast this spell over... Read more
0 Reviews

No Shirt, No Shoes, No HTTP Service

Using Anonymous Human Authentication to prevent illegitimate access to sites, services, and applications. In the “real world” there are generally accepted standards set for access to a business and its services. One of the most common standards... Read more
0 Reviews

WARNING: Security Device Enclosed

If you aren’t using all the security tools at your disposal you’re doing it wrong. How many times have you seen an employee wave on by a customer when the “security device enclosed” in some item – be it DVD, CD, or clothing – sets off the alarm... Read more
0 Reviews

TLS Man-in-the-Middle Attack Disclosed Yesterday Solved Today with Network-Side Scripting

Yesterday the blogosphere, twittosphere, and other-spheres were abuzz when a new TLS renegotiation man-in-the-middle attack was disclosed. Interestingly enough, while we were all still reading about it and figuring out all the nuances, one of our... Read more
0 Reviews

Excuse Me But Is That a Gazebo On Your Site?!

There are few things in reality that can match The Gazebo in its ability to evoke fear and suspicion amongst gamers. The links on your web site may be one of them. In the history of Dungeons and Dragons there exists the urban legend known to... Read more
0 Reviews

I Can Has UR .htaccess File

Notice that isn’t a question, it’s a statement of fact. Twitter is having a bad month. After it was blamed, albeit incorrectly, for a breach leading to the disclosure of both personal and corporate information via Google’s GMail and Apps, its... Read more
0 Reviews

Rip and Replace Won’t Solve Twitter’s (Or Your) Security Problems

The “replace” in “rip and replace” essentially means getting rid of old security problems and replacing them with new ones. Twittergate is (thankfully) behind us but it’s almost assuredly going to be the case that we’ll be rehashing this one for... Read more
0 Reviews

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

But browser support is only half the solution; don’t forget to implement the server-side, too. Clickjacking, unlike more well-known (and understood) web application vulnerabilities, has been given a scant amount of attention despite its risks and... Read more
Average Rating: 4.9
3 Reviews

What is server offload and why do I need it?

One of the tasks of an enterprise architect is to design a framework atop which developers can implement and deploy applications consistently and easily. The consistency is important for internal business continuity and reuse; common objects,... Read more
0 Reviews

Remember when…it was sprawl or nothing?

Ah, those were the days, weren’t they? When improving the security, reliability, and performance of applications over the LAN, over the WAN, and over the Internet meant you had to deploy many different solutions, each one standing on their own in... Read more
0 Reviews

Remember when…you had to choose between security and speed?

Ah, those were the days, weren’t they? When you needed a way to add security at several layers to your network and application network infrastructure but knew that implementing a solution capable of securing those pesky applications was more than... Read more
0 Reviews

Remember when…you had to choose between agility and performance?

Ah, those were the days, weren’t they? When you needed a way to inspect data at the edge for application-specific issues but knew that implementing a solution capable of that kind of agility was more than likely going to end up with poor... Read more
0 Reviews

Using Resource Obfuscation to Reduce Risk of Mass SQL Injection

One of the ways miscreants locate targets for mass SQL injection attacks that can leave your applications and data tainted with malware and malicious scripts is to simply seek out sites based on file extensions. Attackers know that .ASP and .PHP... Read more
0 Reviews

Do you control your application network stack? You should.

Owning the stack is important to security, but it’s also integral to a lot of other application delivery functions. And in some cases, it’s downright necessary. Hoff rants with his usual finesse in a recent posting with which I could not agree... Read more
0 Reviews

I am in your HTTP headers, attacking your application

Zero-day IE exploits and general mass SQL injection attacks often overshadow potentially more dangerous exploits targeting lesser known applications and attack vectors. These exploits are potentially more dangerous because once proven through a... Read more
0 Reviews

Stop brute force listing of HTTP OPTIONS with network-side scripting

Over the holidays Marcin @ tssci security offered up a Python script for brute forcing the HTTP OPTIONS on directories. One of the reasons someone would want this information is because if you're (accidentally, of course) allowing PUT methods... Read more
0 Reviews