Author: nlqip
Figure 1: Bug types across valid submissions shows a decline in low value bug types such as clickjacking, and steady submissions in XSS and mobile bugs. XSS, SQLi, and CSRF are among the OWASP “Top Ten”, with reams of documentation, tutorials, code samples, and tools capable of discovering these bugs before applications are introduced to the wild. One…
Read MoreWhen it comes to crossing the US border, we used to worry about the simple things—too many souvenirs to avoid paying import duties, lines short enough to get to a bathroom in a reasonable timeframe, maybe concerns about which fruits and vegetables could be kept from the last grocery run. Today, we’ve got one more…
Read MoreAnother week, another threat. This week dawned with a spate of twitchy fingers telling us about the latest monster to emerge from the closets: KRACK. KRACK stands for Key Reinstallation Attack. You can read the details of this one on a variety of sites including Arstechnica,1 Verge,2 and, as befitting the seriousness of this one, its own website.3…
Read MoreThe recently released F5 and Ponemon report, “The Evolving Role of CISOs and their Importance to the Business,” unearthed some disconcerting results about CISO effectiveness. In particular, the following survey question spoke to this point specifically: Are security operations aligned with business objectives? Fully – 26% Partially – 34% Not – 40% Surprisingly, only a quarter of…
Read MoreI recently had the opportunity to sit down with two of F5’s top threat researchers, Sara Boddy and Justin Shattuck, to pick their brains about IoT, its current state of “security,” and what we can expect to see in terms of threats, attacks, and mitigations in the future. Justin and Sara are co-authors of three IoT threat research…
Read MoreHelp Guide the Future of Apps – Ultimately Your Threat Landscape – By Responding to Our SOAD Survey!
Every year, we try to pull back the curtain on the future of application delivery by looking at those trends and technologies that impact it the most. Containers. Cloud. Digital Transformation. Automation. All have an impact on applications and their architectures, which in turn has significant implications for application delivery and the businesses that rely…
Read MoreDepending on third parties is inescapable. Every organization needs software, hardware, Internet connectivity, power, and buildings. It’s unlikely they’re going to do all those things themselves. That means that organizations must be dependent on others outside themselves. With that dependence comes risk. F5 recently partnered with Ponemon Institute to survey CISOs. In the report, The Evolving…
Read MoreThis isn’t your mama’s botnet. This is a proper botnet. If you were the world’s best IoT botnet builder and you wanted to show the world how well-crafted an IoT botnet could be, Reaper is what you’d build. It hasn’t been seen attacking anyone yet, and that is part of its charm. But, what is…
Read MoreFigure 1: Demonstration of a split-tunnel attack4 Email Retrieval attacks The two major protocols associated with email retrieval are Post Office Protocol 3 (POP3) and Internet Message Access Protocol (IMAP). Both protocols connect to an email server to download new messages over a TCP/IP connection.5POP3 is much simpler and easier to implement, but only allows…
Read MoreIn part I of this series, I explored some of the issues surrounding the fact that we have managed to build networks so large and complex that it is essentially impossible to grasp any significant fraction of network activities without asking for help from… the network itself. In this installment, I delve into some actual techniques…
Read More