Articles

ThinkPHP 5.x Remote Code Execution Vulnerability

ThinkPHP is an open source PHP development framework for agile web application development. Recently, an unauthenticated remote code execution vulnerability was discovered in ThinkPHP...
0 Reviews

Lightboard Lessons: OWASP Top 10 - Using Components With Known Vulnerabilities

The OWASP Top 10 is a list of the most common security risks on the Internet today. The #9 risk is "Using Components With Known Vulnerabilities". It may seem obvious that you wouldn't want to use components that have known vulnerabilities...
0 Reviews

Managing Your Vulnerabilities

I recently recovered from ACDF surgery where they remove a herniated or degenerative disc in the neck and fuse the cervical bones above and below the disc. My body had a huge vulnerability where one good shove or fender bender could have ruptured...
0 Reviews

HEIST Vulnerability – Overview and BIG-IP Mitigation

An interesting topic was talked about in the recent Black Hat conference. It is a new attack called HEIST (HTTP Encrypted Information can be Stolen through TCP-windows) which demonstrates how to extract sensitive data from any authenticated...
Average Rating: 4.9
7 Reviews

IE Universal XSS Vulnerability Mitigation

An article on CIO.com yesterday discussed an easy attack vector on IE 11 on Windows 8.1, but it works on my Windows 7 with IE 10 as well. To see the (benign) attack in action, follow these steps: In IE, go to...
1 Review

GHOST Vulnerability (CVE-2015-0235)

On 27 January, Qualys published a critical vulnerability dubbed “GHOST”, as it can be triggered by the GetHOST functions (gethostbyname*()) of the “glibc” library shipping with the Linux kernel. Those functions are used to get...
Average Rating: 3.3
7 Reviews

Threat Analysis: perlb0t

This ancient bot, also known as the “Mambo” bot (due to an old vulnerability in the Mambo CMS it tried to exploit), has been around for a very long time, and many variations of it have been seen. However, from our observations, it is still being...
1 Review

Plesk Vulnerability

Recently we’ve witnessed another example of a relatively old and specific vulnerability come to life using a very common and widespread application. In this case it was the CVE-2012-1823 vulnerability, being exploited using the Plesk admin...
0 Reviews

Mitigating The Apache Struts ClassLoader Manipulation Vulnerabilities Using ASM

Background: Recently the F5 security research team has witnessed a series of CVEs created for the popular Apache Struts platform. From Wikipedia: Apache Struts was an open-source web application framework for developing Java EE web applications...
0 Reviews

Heartbleed: Network Scanning, iRule Countermeasures

Get the latest updates on how F5 mitigates Heartbleed. I just spent the last two days writing “business-friendly” copy about Heartbleed. I think the result was pretty good and hey, it even got...
0 Reviews

F5 Friday: Expected Behavior is not Necessarily Acceptable Behavior

Sometimes vulnerabilities are simply the result of a protocol design decision, but that doesn’t make it any less a vulnerability. An article discussing a new attack on social networking applications that effectively provides an opening through...
0 Reviews

TLS Man-in-the-Middle Attack Disclosed Yesterday Solved Today with Network-Side Scripting

Yesterday the blogosphere, twittosphere, and other-spheres were abuzz when a new TLS renegotiation man-in-the-middle attack was disclosed. Interestingly enough, while we were all still reading about it and figuring out all the nuances, one of our...
0 Reviews

When Is More Important Than Where in Web Application Security

While you spend your time arguing over where application security belongs, miscreants are taking advantage of vulnerabilities. By the time you address the problem, they’ve moved on to the next one. Dmitry Evteev @ Positive Technologies Research...
0 Reviews

I Can Has UR .htaccess File

Notice that isn’t a question, it’s a statement of fact. Twitter is having a bad month. After it was blamed, albeit incorrectly, for a breach leading to the disclosure of both personal and corporate information via Google’s GMail and Apps, its...
0 Reviews

An Unhackable Server is Still Vulnerable

Apparently if you’re attending the USENIX Security conference (August 12-14, 2009, in Montreal, Canada) you can participate in the Security Grand Challenge. What is that, you ask? Here’s how the organizers describe it: The concept is very...
0 Reviews

4 Reasons We Must Redefine Web Application Security

Mike Fratto loves to tweak my nose about web application security. He’s been doing it for years, so it’s (d)evolved to a pretty standard set of arguments. But after he tweaked the debate again in a tweet, I got to thinking that part of the problem...
0 Reviews

Using Resource Obfuscation to Reduce Risk of Mass SQL Injection

One of the ways miscreants locate targets for mass SQL injection attacks that can leave your applications and data tainted with malware and malicious scripts is to simply seek out sites based on file extensions. Attackers know that .ASP and .PHP...
0 Reviews

Virtual Patching: What is it and why you should be doing it

Yesterday I was privileged to co-host a webinar with WhiteHat Security's Jeremiah Grossman on preventing SQL injection and Cross-Site scripting using a technique called "virtual patching". While I was familiar with F5's...
0 Reviews

IE7 Offers Another Reason To Use FireFox

Microsoft announced today, December 16th, that they have verified a vulnerability in Internet Explorer 7 where a malicious exploit is exposed that could infect your computer with malware. Specifically, the AZN trojan, which has been workin...
0 Reviews

What IT Security can learn from a restroom sign

As an industry - both security and application delivery - we talk a lot about securing the application infrastructure (databases, web and application servers) by making sure that the data going into the applications is "clean". After...
0 Reviews