The OWASP Top 10 is a list of the most common security risks on the Internet today.  The #10 risk in the latest edition is "Insufficient Logging and Monitoring".  Logging and monitoring are sometimes viewed as not the most interesting topics, but... Read more

The OWASP Top 10 is a list of the most common security risks on the Internet today.  The #9 risk is "Using Components With Known Vulnerabilities".  It may seem obvious that you wouldn't want to use components that have known vulnerabilities... Read more

If you missed our initial issues of the DC Chronicles, catch up on January Issue 1 and February Issue 2. The Chronicles are intended to keep you updated on DevCentral happenings and highlight some of the cool content you may have missed over the... Read more

The OWASP Top 10 is a list of the most common security risks on the Internet today.  Insecure Deserialization comes in at the #8 spot in the latest edition... Read more

The OWASP Top 10 is a list of the most common security risks on the Internet today.  Cross Site Scripting (XSS) comes in at the #7 spot in the latest edition of the OWASP Top 10... Read more

The OWASP Top 10 is a list of the most common security risks on the Internet today.  Security Misconfiguration comes in at the #6 spot in the latest edition of the OWASP Top 10... Read more

The OWASP Top 10 is a list of the most common security risks on the Internet today. Broken Access Control comes in at the #5 spot in the latest edition of the OWASP Top 10. John discusses this security risk... Read more

The OWASP Top 10 is a list of the most common security risks on the Internet today.  XML External Entities comes in at the #4 spot in the latest edition of the OWASP Top 10... Read more

The OWASP Top 10 is a list of the most common security risks on the Internet today.  Sensitive Data Exposure comes in at the #3 spot in the latest edition of the OWASP Top 10. Read more

The OWASP Top 10 is a list of the most common security risks on the Internet today.  Broken Authentication comes in at the #2 spot in the latest edition of the OWASP Top 10. Read more

The OWASP Top 10 is a list of the most common security risks on the Internet today.  For the past several years, "Injection Attack" has been the #1 security risk on the Top 10 list. Read more

OWASP Top 10の2017年正式版がリリースされましたので、BIG-IP ASMのWAF機能でどのくらい対応できるか概要を紹介したいと思います。 Read more

With the release of the new 2017 Edition of the OWASP Top 10, we wanted to give a quick rundown of how BIG-IP ASM can mitigate these vulnerabilities. First, here's how the 2013 edition compares to 2017.   And how BIG-IP ASM mitigates the... Read more

February is Security Month here at DevCentral! It's an excellent time to brush up on your F5 Security knowledge now. Read more

Yesterday John showed you how BIG-IP Application Security Firewall can mitigate injection attacks. Today, we’ll cover number three on the list in cross-site scripting. XSS Scripting defined directly from the OWASP XSS page: Cross-Site Scripting... Read more

OWASP lists “injection” attacks as the number one security flaw on the Internet today.  In fact, injection attacks have made the OWASP top ten list for the past 12 years and have been listed as the number one attack for the past 6... Read more

Last week John Wagnon, David Holmes, and (virtually) I sat down with Jim Manico of Manicode Security to take a look an in depth look at the OWASP project. Among many other things within the security realm, including secure coding education and... Read more

The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software.  They have a community of over 42,000 volunteers all over the world who offer their... Read more

The Open Web Application Security Project (OWASP) is focused on improving the security of software. Their mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software... Read more

It's fourth of July eve here in the states, and all of the children are aflutter, waiting to see if the fireworks fairy is going to bring them extra treats to set on fire tomorrow. (also, that's a fake thing I totally just made up).... Read more

The Internets are full of bad advice. Some is harmless, but some is downright dangerous, especially when it isn’t bad advice per se but rather shall we say, incomplete. Suggesting that you should only provide personal information to sites that use... Read more

A recent tweet about a free, Linux-based XML Security suite reminded me that we do not opine on the subject of XML security and its importance enough. SOA has certainly been dethroned as the technology darling du jour by cloud computing and... Read more

A recent tweet about a free, Linux-based XML Security suite reminded me that we do not opine on the subject of XML security and its importance enough. SOA has certainly been dethroned as the technology darling du jour by cloud computing and... Read more

The question is whether that impact is positive (a reduction) or negative (an increase). One of the biggest threats to data integrity is the introduction of malicious content via SQLi (SQL Injection) attacks. Traditional database access methods... Read more

But browser support is only half the solution, don’t forget to implement the server-side, too. Clickjacking, unlike more well-known (and understood) web application vulnerabilities, has been given scant amount of attention despite its risks and... Read more