Tag: Certificate Spoofing
Executive Summary Like coral reefs teeming with a variety of life, web applications are “colony creatures.” They consist of a multitude of independent components, running in separate environments with different operational requirements and supporting infrastructure (both in the cloud and on premises) glued together across networks. In this report, we examine that series of interacting…
Read MoreIn July 2018, F5 released its first annual Application Protection Report based on the results of an F5-commissioned Ponemon survey of 3,135 IT and security practitioners across the globe. Additional research conducted by Whatcom Community College, University of Washington Tacoma, along with data from White Hat Security and Loryka served to make this one of…
Read MoreIn-App Testing Since the HSTS and HPKP protocols allow for genuine interception of SSL by trusted certificates, nothing can be done to warn end users that their communications are being intercepted. For those that need to inform their users of interception, in-app testing could be considered. By performing an additional SSL/TLS handshake, using Javascript within…
Read MoreEditor’s Note: F5 Labs is a threat research and analysis team within F5 Networks. As a relatively small team of researchers, evangelists, and writers who produce vendor-neutral threat-related content, we look forward every summer to the opportunity to bring in a college intern to help us with special research and data analysis projects. In the…
Read MoreRecent Posts
- Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms
- How to reduce cyber risk during employee onboarding
- Germany seizes 47 crypto exchanges used by ransomware gangs
- Police dismantles phone unlocking ring linked to 483,000 victims
- Ahead Adds Former Google Cloud VP To Board To ‘Fuel’ AI, Hybrid Cloud