Application Protection

Application Protection Research Series

We focus on applications because your adversaries focus on applications.

Applications have become the focal point of the Internet, the workhorses behind organizations of all types. Attackers have figured this out, and they target applications more than anything else (besides people). This research series ties together trends and data from a number of perspectives to give an overall picture of the application security threat landscape.

November 05, 2019

EXECUTIVE SUMMARY
2019 Application Protection Series

The Virtue of Visibility

Looking for the quick espresso-style rundown on the 2018 threat landscape? The executive summary boils down the trends in the threat landscape, as well as our recommendations for managing application risk as it evolves.

October 22, 2019

PODCAST SERIES

2019 Application Protection Report

In this companion podcast, the 2019 F5 Labs Application Protection Report researchers examine how both apps and threats are changing, and what security practitioners can do to stay ahead of these changes.

August 13, 2019

EPISODE 5
2019 Application Protection Series

API Breaches and the Visibility Problem

API use has grown tremendously as applications grow more decentralized. Some large apps have hundreds of APIs, and mobile apps depend on them completely. API security, however, is lagging, creating easy targets for attackers.

See the Lifecycle of the 4 Major Attack Types:

Click through the animations below to understand how different attacks unfold.

2018 Application Protection Report

In this report, we demystify the complexities of apps, explore how and where they're attacked, and provide practical steps to take now to start winning the app protection battle.

July 25, 2018

2018 Application Protection Report Podcast Series

In this companion podcast, the researchers who created the F5 Labs Application Protection Report discuss their findings, and share the details and backstories that helped shape the final report.

July 16, 2019

The DNS Attacks We’re Still Seeing

What hasn’t changed? F5 threat intelligence shows that attackers are still using DNS water torture DDoS, DNS reflection DDoS, expired domain takeover, and DNS requests for covert channels.

December 04, 2018

What Do You Mean by Storage Encryption?

Writing for Help Net Security, F5 Labs researcher Ray Pompon explains why establishing "storage encryption" isn’t the cure-all that some claim.

November 06, 2018

Will Losses from Cryptocurrency Exchange Hacks Hit a Billion Dollars In 2018?

Cryptocurrency exchanges and their supporting application systems are being attacked at an unprecedented level. As the value of cryptocurrency climbs, so does the incentive to steal.

October 18, 2018

Who Owns Application Security?

Writing for Help Net Security, F5 Labs researcher Ray Pompon discusses the dismayingly low number of firms whose CISO owns application security.

October 11, 2018

Apps Are Like Onions; They Have Layers

As a security professional, it’s critical to understand all the components of modern web apps so you can fend off attacks at multiple tiers.

August 03, 2018

The Little Mistake That Causes a Breach

One small error in security controls can have disastrous consequences. How common are these little mistakes, and how do you prevent them?

June 05, 2018

Breach Costs Are Rising with the Prevalence of Lawsuits

When calculating the total cost of a data breach, lawsuits figure prominently—along with repair costs, loss of reputation and sales, compliance penalties, and operational downtime.

May 02, 2018

How Secure Are Your Third-Party Web Apps?

You can't assume that third-party web apps are secure. Here’s how to assess them yourself, using this multi-step process.

April 26, 2018

Know the Risks to Your Critical Apps and Defend Against Them

Critical apps are the ones that must never go down or be hacked. Unfortunately, they’re also the hardest to defend: they’re often massive, ancient, and touch everything.

April 10, 2018

Attack types

App Infrastructure Attacks

DDoS Attacks

Client-side Attacks

Web Application Attacks

Reports All Reports