Articles

Inside Look: BIG-IP ASM Botnet and Web Scraping Protection

I hang with WW Security architect Corey Marshall to get an inside look at the Botnet detection and Web scraping protection in BIG-IP ASM. ps Related: F5's YouTube... Read more
1 Review

Out, Damn’d Bot! Out, I Say!

Exorcising your digital demons. Most people are familiar with Shakespeare’s The Tragedy of Macbeth. Of particularly common usage is the famous line uttered repeatedly by Lady Macbeth, “Out, damn’d spot! Out, I say” as she tries to wash imaginary... Read more
0 Reviews

When Is More Important Than Where in Web Application Security

While you spend your time arguing over where application security belongs, miscreants are taking advantage of vulnerabilities. By the time you address the problem, they’ve moved on to the next one. Dmitry Evteev @ Positive Technologies Research... Read more
0 Reviews

How to secure virtualized applications against the unknown

Risks with virtualization is same as it ever was but different. Hoff makes a good point about cloud security last month in his “The Cloud is a Fickle Mistress: DDoS&M” which was, if I may quote, “it’s the oldies and goodies that will come back... Read more
0 Reviews

The Web 2.0 API: From collaborating to compromised

Are you protecting your Web 2.0 APIs? As Web 2.0 applications continue to expand from connected to collaborative via the extensive use of APIs it behooves developers and security professionals alike to consider the ramifications of providing... Read more
0 Reviews

4 Reasons We Must Redefine Web Application Security

Mike Fratto loves to tweak my nose about web application security. He’s been doing it for years, so it’s (d)evolved to a pretty standard set of arguments. But after he tweaked the debate again in a tweet, I got to thinking that part of the problem... Read more
0 Reviews

Using Resource Obfuscation to Reduce Risk of Mass SQL Injection

One of the ways miscreants locate targets for mass SQL injection attacks that can leave your applications and data tainted with malware and malicious scripts is to simply seek out sites based on file extensions. Attackers know that .ASP and .PHP... Read more
0 Reviews

I am in your HTTP headers, attacking your application

Zero-day IE exploits and general mass SQL injection attacks often overshadow potentially more dangerous exploits targeting lesser known applications and attack vectors. These exploits are potentially more dangerous because once proven through a... Read more
0 Reviews

3 reasons you need a WAF even if your code is (you think) secure

Everyone is buzzing and tweeting about the SANS Institute CWE/SANS Top 25 Most Dangerous Programming Errors, many heralding its release as the dawning of a new age in secure software. Indeed, it's already changing purchasing requirements.... Read more
0 Reviews

Moore's law is a double-edged sword

In the good old days when I was in college I had a generic PC. That's the way we did it back then - we built our PCs out of parts (obligatory "you kids don't know how good you have it these days" look). On that PC is... Read more
0 Reviews

New TCP vulnerability about trust, not technology

I read about a "new" TCP flaw that, according to C|Net News, puts Web sites at risk. There is very little technical information available; the researchers who discovered th... Read more
0 Reviews

BusinessWeek takes viral advertising a little too seriously

Yesterday it was reported that BusinessWeek had been infected with malware via an SQL injection attack. [begin Mom lecture] Remember when we talked about PCI DSS being a good idea for everyone, even though... Read more
0 Reviews

Why it's so hard to secure JavaScript

The discussion yesterday on JavaScript and security got me thinking about why it is that there are no good options other than script management add-ons like NoScript for securing JavaScript. I... Read more
0 Reviews

Three Web Application Vulnerabilities You Need to Know

Via Hacker News and Peteris Kumins' blog on programming, hacking, software reuse and stuff comes the latest Google tech talk, this one on web application vulnerabilities and "how cybercriminals steal money". While Peteris and... Read more
0 Reviews

Why Vulnerabilities Go Unpatched

The good folks at Verizon Business who recently released their 2008 Data Breach Investigations Report sounded almost surprised by the discovery that "Intrusion attempts targeted the application layer more than the operating system and less... Read more
0 Reviews

PCI DSS Requirements 6.6: A best practice for the rest of us

With the deadline of June 2008 quickly approaching for retailers who need to be compliant with PCI DSS (Payment Card Industry Data Security Standard) there's a lot of focus in IT shops on requirement 6.6, the somewhat hotly debated requirement... Read more
0 Reviews