F5 Labs

A good starting point for improving API security is to develop a technical security standard (sometimes called API security policies) for each API. F5 Labs' Ray Pompon writes for Help Net Security, discussing how we can improve our API security.

Insertion point security used to be easy: protect the perimeter. F5 Labs' Preston Hogue writes for SecurityWeek, discussing the new reality of insertion point security in a world where apps are your perimeter.

The short, concentrated brief on the 2019 application threat landscape, and what you can do to protect your apps.

Threat actors shift focus away from cryptominers and back to remote code execution—this month with a new zero-day exploits.

In our 2019 edition of the Phishing and Fraud Report, we look at the latest methods and trends attackers are using to exploit the most vulnerable part of your defensive posture: your users.

There are three primary avenues to hack a U.S. election: voter registration, voting machines, and the voters themselves. We’ll dig into each and see which offers the most bang for the buck.

In this companion podcast, the 2019 F5 Labs Application Protection Report researchers examine how both apps and threats are changing, and what security practitioners can do to stay ahead of these changes.

How a Jenkins dynamic routing vulnerability becomes an attacker’s infection vector for installing and executing a cryptominer.

Learn what SQL injection is, how attackers use it to access sensitive data, and how to protect your organization from these attacks.

August 2019 was slowest month on record F5 researchers have seen in new threat activity. But while active exploitation slowed, new reconnaissance campaigns grew.

Known for redirection attacks, recent Trickbot banking trojan campaigns use server-side injection and target fewer victims.

Attacks against exchanges, exit scams and nation-state threats mean that cryptocurrencies retain their Wild West character in 2019.

Ransomware is ramping up, especially in the public sector. The key to stopping these attacks is to focus on the ransomware attack vectors.

We detail the steps for decrypting and decompressing IcedID webinject files, enabling researchers to analyze IcedID samples and pull out target and web injection files.

Security in the cloud can be even stronger than on-premises, but only if the security team gets involved early and understands some critical differences from on-premises.

In July, vulnerable web servers continued to be the target of threat actors attempting to install cryptominers.

For every digital transformation enabled by apps, the application itself is a primary target, along with the business logic it supports and all its underlying data. F5 Labs' Preston Hogue writes for SecurityWeek, discussing how we can keep up with digital complexity in an app-enabled world.

An overview of the types of countermeasures security practitioners use to reduce risk.

Cloud security is not as straightforward as we’ve been led to believe, but it’s achievable by focusing first on control objectives instead of controls.

The way we build, provision, maintain and secure apps continues to evolve. F5 Labs' Preston Hogue writes for SecurityWeek, discussing the adaptation ChatOps, a DevSecOps model.