INTRO EPISODE
2019 Application Protection Series

Why Application Security?

Find out why we care so much about application security, how applications have grown into the weird beasts that they are today, and how our work fits into the bigger picture of securing and running an application.

EPISODE 1
2019 Application Protection Series

PHP Reconnaissance

As we reviewed untargeted reconnaissance traffic for 2018, one pattern stuck out so much that we had to report on it before anything else. It turned out that 37% of all the honeypot traffic we caught came from just two North American IPs seeking old PHP vulnerabilities.

EPISODE 2
2019 Application Protection Series

2018 Breach Trends

We analyzed more than 700 U.S. data breach reports to understand what kinds of attacks were succeeding. We found two tactics that were responsible for most of the successes, and that there were patterns between organizations’ business models and how they got hacked.

2018 Application Protection Report

In this report, we demystify the complexities of apps, explore how and where they're attacked, and provide practical steps to take now to start winning the app protection battle.

2018 Application Protection Report Podcast Series

In this companion podcast, the researchers who created the F5 Labs Application Protection Report discuss their findings, and share the details and backstories that helped shape the final report.

The DNS Attacks We’re Still Seeing

What hasn’t changed? F5 threat intelligence shows that attackers are still using DNS water torture DDoS, DNS reflection DDoS, expired domain takeover, and DNS requests for covert channels.

What Do You Mean by Storage Encryption?

Writing for Help Net Security, F5 Labs researcher Ray Pompon explains why establishing "storage encryption" isn’t the cure-all that some claim.

Will Losses from Cryptocurrency Exchange Hacks Hit a Billion Dollars In 2018?

Cryptocurrency exchanges and their supporting application systems are being attacked at an unprecedented level. As the value of cryptocurrency climbs, so does the incentive to steal.

Who Owns Application Security?

Writing for Help Net Security, F5 Labs researcher Ray Pompon discusses the dismayingly low number of firms whose CISO owns application security.

Apps Are Like Onions; They Have Layers

As a security professional, it’s critical to understand all the components of modern web apps so you can fend off attacks at multiple tiers.

The Little Mistake That Causes a Breach

One small error in security controls can have disastrous consequences. How common are these little mistakes, and how do you prevent them?

Breach Costs Are Rising with the Prevalence of Lawsuits

When calculating the total cost of a data breach, lawsuits figure prominently—along with repair costs, loss of reputation and sales, compliance penalties, and operational downtime.

How Secure Are Your Third-Party Web Apps?

You can't assume that third-party web apps are secure. Here’s how to assess them yourself, using this multi-step process.

Know the Risks to Your Critical Apps and Defend Against Them

Critical apps are the ones that must never go down or be hacked. Unfortunately, they’re also the hardest to defend: they’re often massive, ancient, and touch everything.