Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters

Articles

Sort results

Lightboard Lessons: Dynamic AFM Policy Selection Based on Geolocation

For some web applications, you need a separate network firewall policy for users from different geographic locations.  Using the power of iRules and VIP-targeting-VIP solutions, you can dynamically select an AFM policy based on source IP geolocation. Read more
2 Reviews

Nessus 6 XSLT Conversion for ASM Generic Scanner Import

Nessus 6 XSLT Conversion for ASM Generic Scanner Schema Import Read more
Average Rating: 4.9
5 Reviews

Apache Struts 2 FreeMarker tag Remote Code Execution (CVE-2017-12611)

In the recent days, another 0-day remote code execution vulnerability in Apache Struts 2 has been published (CVE-2017-12611). This time the vulnerability’s root cause is not stemming from a bug in the Struts 2 framework, but a feature of the... Read more
2 Reviews

Apache Struts 2 REST plugin Remote Code Execution (CVE-2017-9805)

In the recent days, a new critical Apache Struts 2 vulnerability was announced which allows remote attackers to execute arbitrary commands on the server. The original post (S2-052) has not published exploit details yet, most probably to allow... Read more
Average Rating: 4.8
4 Reviews

Tightening the Security of HTTP Traffic Part 3

Part 3:   Headers to remove   Server and X-Powered-by headers The Server and X-Powered-By headers:  Should be removed or changed These are added by default by some web servers such as apache, nginx, Express,…   Example:... Read more
0 Reviews

Translating Cipher Suites from Wireshark to BIG-IP

Many of us use Wireshark to capture and analyze network traffic.  When it comes to SSL/TLS traffic, Wireshark does a great job of showing the cipher suites presented by the client and then the cipher suite chosen by the server in a given... Read more
Average Rating: 4.9
4 Reviews

PHP Serialized Object Vulnerabilities

Object serialization has always been a tricky subject. Using serialization as a design pattern can always lead to catastrophic consequences such as remote code execution when user input isn't properly validated. Read more
0 Reviews

Deploy an Auto-Scaled BIG-IP VE WAF in AWS

Today let’s look at how to create and deploy an auto-scaled BIG-IP Virtual Edition Web Application Firewall by using a Cloud Formation Template (CFT) in AWS. CFTs are simply a quick way to spin up solutions that otherwise, you may have to create... Read more
0 Reviews

Tightening the Security of HTTP Traffic Part 2

This is the second part of this article which provides guidelines for tightening the security of http traffic by leveraging the power of F5 Big-IP and  iRules to include the latest HTTP security headers to all HTTP responses. Read more
1 Review

Lightboard Lessons: BIG-IP ASM Layered Policies

In this Lightboard Lesson, I light up some use cases for BIG-IP ASM Layered Policies available in BIG-IP v13. With Parent and Child policies, you can: Impose mandatory policy elements on multiple policies; Create multiple policies with baseline... Read more
2 Reviews

Security Sidebar: Roomba Does More Than Vacuum Your Floors

We spend lots of money on defensive security systems to maintain our privacy, but then we purchase a mobile sensor that can gobble up tons of information about us... Read more
1 Review

Tightening the Security of HTTP Traffic part 1

In this article, I will give an overview of some important headers that can be added to HTTP responses in order to improve the security web applications. Read more
Average Rating: 4.9
6 Reviews

Office 365 Logon Enhancement – Username Capture

With the new Office 365 sign-in experience you can capture the username entered at the O365 login page so users don't need to enter it twice! Read more
2 Reviews

Lightboard Lessons: What is BIG-IP APM?

In this Lightboard, I light up some lessons on BIG-IP Access Policy Manager. BIG-IP APM provides granular access controls to discreet applications and networks supporting 2FA and federated identity management. You can also check out Chase's... Read more
Average Rating: 4.8
6 Reviews

Creating a Secure AWS S3 Proxy with F5 iRulesLX

The article provides a solution of creating a secure proxy to AWS S3 using the AWS SDK and F5 iRulesLX Read more
2 Reviews

Lightboard Lessons: Attack Mitigation with F5 Silverline

In this Lightboard Lesson, I describe how F5 Silverline Cloud-based Platform can help mitigate DDoS and other application attacks both on-prem and in the cloud with the Hybrid Signaling iApp. Learn how both on-premises and the cloud can work... Read more
1 Review

What is Transport Layer Security?

Transport Layer Security (TLS) is a protocol that provides privacy and data integrity between two communicating applications. TLS defines the exact methods, actions, etc each communicating device must use to achieve secure communications. Read more
Average Rating: 4.8
6 Reviews

Realizing value from a WAF in front of your application- Part 2

Part 2 in the series of Realizing value from a WAF. In this article, learn how BIG-IP ASM can block 0-day attacks. Read more
1 Review

Apache Struts 2 Showcase Remote Code Execution (CVE-2017-9791)

A new Apache Struts 2 vulnerability was published (S2-048) and a POC code exploiting it was publicly released. Read about how you can mitigate this vulnerability with the BIG-IP ASM. Read more
2 Reviews

F5 BIG-IP Edge Portal – End of Support and End of Availability Announcement

The product leadership team has eliminated a feature of APM called BIG-IP Edge Portal, and this feature will not be compatible with future versions of iOS and Android. Read more
0 Reviews

F5 BIG-IP + Cisco Tetration: Application Centric Visibility

F5 BIG-IP provides Cisco Tetration L4-L7 insight with the integration of Tetration Open API. Read more
0 Reviews

Load Balancing VMware Identity Manager Integration Guide is now Ready!

Learn how to deploy F5 BIG-IP LTM/APM/DNS with various VMware End-User-Computing based products. Read more
0 Reviews

Realizing value from a WAF in front of your application - Part 1

Implement strong and effective application security measures by deploying a Web Application Firewall (WAF) in front of your web applications. Read more
Average Rating: 4.9
6 Reviews

BIG-IQ 5.2 Centralized Management - Security Overview

F5's Matthieu Dierick discusses BIG-IQ 5.2's Centralized Security Management. Learn more at DevCentral. Read more
1 Review

Single Sign-On (SSO) to Legacy Web Apps Using BIG-IP & VMware Workspace ONE

A few months back VMware announced a joint collaborative effort on delivering even more applications to their Workspace One suite utilizing F5 BIG-IP APM to act as an authentication translator from SAML to legacy Kerberos and header-based web... Read more
0 Reviews