Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology

Articles

Sort results

Lightboard Lessons: OWASP Top 10 - Cross Site Scripting

The OWASP Top 10 is a list of the most common security risks on the Internet today.  Cross Site Scripting (XSS) comes in at the #7 spot in the latest edition of the OWASP Top 10... Read more
1 Review

Cross Site Scripting (XSS) Exploit Paths

Web application threats continue to cause serious security issues for large corporations and small businesses alike.  In 2016, even the smallest, local family businesses have a Web presence, and it is important to understand the potential... Read more
1 Review

The Lock May be Broken

A couple of weeks ago, a new security advisory was published: CVE-2012-0053 - “Apache HttpOnly Cookie Disclosure”. While the severity of this vulnerability is just “medium”, there are some things that we can learn from it. As far as I see it,... Read more
0 Reviews

F5 Friday: Eliminating the Blind Spot in Your Data Center Security Strategy

Pop Quiz: In recent weeks, which of the following attack vectors have been successfully used to breach major corporation security? (choose all that apply) Phishing          Paramet... Read more
0 Reviews

F5 Friday: Expected Behavior is not Necessarily Acceptable Behavior

Sometimes vulnerabilities are simply the result of a protocol design decision, but that doesn’t make it any less a vulnerability An article discussing a new attack on social networking applications that effectively provides an opening through... Read more
0 Reviews

Why Is Reusable Code So Hard to Secure?

Being an efficient developer often means abstracting functionality such that a single function can be applied to a variety of uses across an application. Even as this decreases risk of errors, time to develop, and the attack surface necessary to... Read more
0 Reviews

Excuse Me But Is That a Gazebo On Your Site?!

There are few things in reality that can match The Gazebo in its ability to evoke fear and suspicion amongst gamers. The links on your web site may be one of them. In the history of Dungeons and Dragons there exists the urban legend known to... Read more
0 Reviews

Web Application Security at the Edge is More Efficient Than In the Application

If one of the drivers for moving to cloud-based applications is reducing costs, you should think twice about the placement of application security solutions. There’s almost no way to avoid an argument on this subject so I won’t tiptoe around it:... Read more
1 Review

Log Files Do Not Improve Security

Logs are for auditing, accountability, and tracking down offenders – not for providing real-time security A new law signed into effect in February 2009 requires that health care providers and organizations subject to HIPAA notify affected... Read more
0 Reviews

Securing the Other Side of the Cloud

Why would miscreants bother with other routes when they can go straight to the source? People concerned with security of the cloud are generally worried about illegitimate access of the applications and data they may deploy in the cloud.... Read more
0 Reviews

The Web 2.0 Botnet: Twisting Twitter and Automated Collaboration

Collaborating automatically via Web 2.0 APIs is a beautiful thing. I can update status on Twitter and it will automagically propagate to any number of social networking sites: Facebook. FriendFeed. MySpace. LinkedIn. If I had to do it all... Read more
0 Reviews

4 Reasons We Must Redefine Web Application Security

Mike Fratto loves to tweak my nose about web application security. He’s been doing it for years, so it’s (d)evolved to a pretty standard set of arguments. But after he tweaked the debate again in a tweet, I got to thinking that part of the problem... Read more
0 Reviews

Why it's so hard to secure JavaScript

The discussion yesterday on JavaScript and security got me thinking about why it is that there are no good options other than script management add-ons like NoScript for securing JavaScript. I... Read more
0 Reviews

Stop Those XSS Cookie Bandits iRule Style

In a recent post, CodingHorror blogged about a story of one of his friends attempts at writing his own HTML sanitizer for his website. I won't bother repeating the details but it all boils down to the fact that his friend noticed users were... Read more
0 Reviews