Articles

Persistent Threat Management

#dast #infosec #devops A new operational model for security operations can dramatically reduce risk Examples of devops focus a lot on provisioning and deployment configuration. Rarely mentioned is security, even though there is likely no... Read more
0 Reviews

Application Security is a Stack

#infosec #web #devops There’s the stuff you develop, and the stuff you don’t. Both have to be secured. On December 22, 1944 the German General von Lüttwitz sent an ultimatum to Gen. McAuliffe, whose forces (the Screaming Eagles, in case... Read more
0 Reviews

1024 Words: Building Secure Web Applications

A nice infographic from Veracode on building secure web applications Infographic by Veracode Application Security All 1024 Words posts on DevCentral  Recognizing a Threat is the First Step Towards Preventing It  ... Read more
0 Reviews

Quantifying Reputation Loss From a Breach

#infosec #security Putting a value on reputation is not as hard as you might think… It’s really easy to quantify some of the costs associated with a security breach. Number of customers impacted times the cost of a first class stamp plus the... Read more
0 Reviews

The Cost of Ignoring ‘Non-Human’ Visitors

#infosec There is a real cost associated with how far you allow non-human traffic to penetrate the data center – and it’s not just in soft security risks. A factor often ignored by those performing contact analysis costs is technology. Call... Read more
0 Reviews

The Ascendancy of the Application Layer Threat

#adcfw ... Read more
0 Reviews

Et Tu, Browser?

Friends, foes, Internet-denizens … lend me your browser.  Were you involved in any of the DDoS attacks that occurred over the past twelve months? Was your mom? Sister? Brother? Grandfather? Can you even answer that question with any... Read more
0 Reviews

Who Took the Cookie from the Cookie Jar … and Did They Have Proper Consent?

Cookies as a service enabled via infrastructure services provide an opportunity to improve your operational posture.  Fellow DevCentral blogger Robert Haynes posted a great look at a UK law regarding cookies. Back in May a new law went into... Read more
0 Reviews

F5 Friday: If Only the Odds of a Security Breach were the Same as Being Hit by Lightning

#v11 AJAX, JSON and an ever increasing web application spread increase the odds of succumbing to a breach. BIG-IP ASM v11 reduces those odds, making it more likely you’ll win at the security table When we use analogy often enough it becomes... Read more
0 Reviews

F5 Friday: Eliminating the Blind Spot in Your Data Center Security Strategy

Pop Quiz: In recent weeks, which of the following attack vectors have been successfully used to breach major corporation security? (choose all that apply) Phishing Paramet... Read more
0 Reviews

When the Data Center is Under Siege Don’t Forget to Watch Under the Floor

Don’t get so focused on the trebuchets, mangonels and siege towers that you forget about the sappers. We often compare data center security to castles and medieval defenses. If we’re going to do that, we ought to also consider the nature of... Read more
0 Reviews

Security in the Cloud. Developers, About Face!

There is a theory in traditional military strategy that goes something along the lines of “take land, consolidate your gains, take more land…” von Moltke the Elder found this theory so profound that he suggested a defender could trade land fo... Read more
0 Reviews

The “True Security Company” Red Herring

The claim a company is not a “true security company” because they don’t focus solely on security products is a red herring. If I ask you to define a true security company, you might tend to fall back on the most obvious answer, “Well, it’s a... Read more
0 Reviews

Attacks Cannot Be Prevented

You can put into place technology to mitigate and defend against the effects, but you can’t stop the attack from happening In the wake of attacks that disrupted service to many popular sites in December the question on many folks’ minds was: how do... Read more
0 Reviews

The Many Faces of DDoS: Variations on a Theme or Two

Many denial of service attacks boil down to the exploitation of how protocols work and are, in fact, very similar under the hood. Recognizing these themes is paramount to choosing the right solution to mitigate the attack. When you look across the... Read more
0 Reviews

F5 Friday: Is Your Infosec Motto ‘Compone Accomoda Supera’?

That’s “Improvise. Adapt. Overcome.” and it should be if it isn’t. The right tools can help you live up to that motto.  If you Google “Zeus Trojan” you’ll find a wealth of information. Unfortunately all that wealth appears to be draining... Read more
0 Reviews

Congratulations! You do no nothing faster than anyone else!

If you’re going to test performance of anything make sure it’s actually doing what it’s designed to do. Race cars go really fast too – but they don’t get you anywhere but around and around in a big circle. Speed is important, especially in... Read more
0 Reviews

Commoditized Software Requires Protection

“Don’t worry about doing the business taxes, my cousin Vinnie is taking care of it.” is not the type of statement that inspires confidence. But you’re doing it every day. Or at least some of you are. Picture this: A small vertical market, mos... Read more
0 Reviews

F5 Friday: It is now safe to enable File Upload

Web 2.0 is about sharing content – user generated content. How do you enable that kind of collaboration without opening yourself up to the risk of infection? Turns out developers and administrators have a couple options… The goal of many a... Read more
1 Review

Defeating Attacks Easier Than Detecting Them

Defeating modern attacks – even distributed ones – isn’t the problem. The problem is detecting them in the first place. Last week researchers claimed they’ve discovered a way to exploit a basic security flaw that’s used in software that’s in... Read more
0 Reviews

F5 Friday: An On-Demand Turing Test

Detecting bots requires more than a simple USER_AGENT check today… Anyone who’s taken an artificial intelligence class in college or grad school knows all about the Turing Test. If you aren’t familiar with the concept, it was a “test proposed... Read more
0 Reviews

Out, Damn’d Bot! Out, I Say!

Exorcising your digital demons Most people are familiar with Shakespeare’s The Tragedy of Macbeth. Of particularly common usage is the famous line uttered repeatedly by Lady Macbeth, “Out, damn’d spot! Out, I say” as she tries to wash imaginary... Read more
0 Reviews

Risk is not a Synonym for “Lack of Security”

Security risks are not always indicative of a lack of faith in the provider’s competency but about, well, risk. IDC recently conducted another cloud survey and [feign gasp of surprise here] security risks topped a healthy list of concerns that,... Read more
0 Reviews

Are You Scrubbing the Twitter Stream on Your Web Site?

Never never trust content from a user, even if that user is another application. Web 2.0 is as much about integration as it is interactivity. Thus it’s no surprise that an increasing number of organizations are including a feed of their recent... Read more
0 Reviews