F5 Labs

It looked like a simple XSS in the Outlook Android app, but the app developers couldn’t reproduce it so they didn’t fix it. Then things got interesting. Here’s the story of how I discovered CVE-2019-1105.

The Gootkit banking trojan is still active and protecting itself in Italy using a dedicated redirection defense.

The Gootkit banking trojan is still active and protecting itself in Italy using a dedicated redirection defense.

In part 2 of our mobile app strategy, we lay out the mobile security requirements including specifics on authentication, storage, communication, operations and cryptography.

In part 2 of our mobile app strategy, we lay out the mobile security requirements including specifics on authentication, storage, communication, operations and cryptography.

Lots of organizations are spinning up mobile applications to either directly or indirectly support their mission. We in the security field know that this is fraught with peril, but what do we do and where do we begin to manage the risk?

Lots of organizations are spinning up mobile applications to either directly or indirectly support their mission. We in the security field know that this is fraught with peril, but what do we do and where do we begin to manage the risk?

Welcome to the newly revamped CISO to CISO page!

Welcome to the newly revamped CISO to CISO page!

Learn how DDoS attacks can cripple your network, website, or business.

Learn how DDoS attacks can cripple your network, website, or business.

F5's Tristan Liverpool writes for TechRadar, explaining why some companies hire ethical hackers and where to find them.

Europe was Canada’s primary source of attack traffic targeting VoIP systems and web applications.

Europe was Canada’s primary source of attack traffic targeting VoIP systems and web applications.

F5 Labs' Preston Hogue writes for Security Week, discussing how the shift to DevSecOps brings a massive shift in the application landscape with real cultural impact on security teams.

There are gaps in security programs between what we think is going on, and what’s really going on. In this final part in our trilogy, we examine the possible causes for this—and solutions to close these gaps.

There are gaps in security programs between what we think is going on, and what’s really going on. In this final part in our trilogy, we examine the possible causes for this—and solutions to close these gaps.

Web injection represents an even greater risk than it did previously, thanks to the growth of third-party content and increasingly complex attack surfaces.

Web injection represents an even greater risk than it did previously, thanks to the growth of third-party content and increasingly complex attack surfaces.

In April, threat actors focused on targeting vulnerabilities that had the highest impact: this month it was a recently released deserialization vulnerability in Oracle WebLogic Server.