Top Risks
July 16, 2019

2018 Application Protection Report Podcast Series



F5 Labs security experts spent a year researching application security. With the increasingly essential role of applications, one major question arises: If organizations don’t understand all the ways attackers can compromise their applications and exploit their data, how can they possibly defend their most critical assets? Join threat researchers Sara Boddy and Ray Pompon in this four-part series where they’ll share their findings from the 2018 Application Protection Report—some alarming, and others not so surprising at all—to help you prioritize what you should focus on to reduce your risk.

Episode One

Join the F5 Labs Director, Sara Boddy, and Principal Threat Research Evangelist Ray Pompon as they discuss why they wrote the Application Protection Report, how they had to question some fundamental assumptions about applications in order to get to the heart of the matter, and how the resulting model—the App Stack—helped them make sense out of a pile of data from different sources.

Episode Two

In this episode, Sara and Ray take a critical look at threats against the App Services Tier. This means attacks against code, web servers, server-side infrastructure, databases, and so on. This also includes injection attacks against app services, which featured prominently in the public data breach notifications collected over a year. Learn why injection and other App Services attacks are so common, and how you can find, patch, and block these vulnerabilities.

Episode Three

In this episode, Ray and Sara examine breaches resulting from application access attacks, such as credential stuffing, email hacks, brute force, and phishing. They unpack some of the unique challenges that these access attacks pose, and discuss strategies for protecting the Access tier.

Episode Four

Listen as Ray and Sara unpack application DDoS attacks. Next-generation DDoS attacks that focus on applications rather than networks tend to be subtle, precise, and well-crafted. This make them harder to detect and mitigate. Ray and Sara also touch on Internet of Things (IoT) thingbots, and the effect they’re having on the black market and the tech industry.

Join the Discussion

Hundreds of apps will be attacked by the time you read this.

So, we get to work. We obsess over effective attack methods. We monitor the growth of IoT and its evolving threats. We dive deep into the latest crypto-mining campaigns. We analyze banking Trojan targets. We dissect exploits. We hunt for the latest malware. And then our team of experts share it all with you. For more than 20 years, F5 has been leading the app delivery space. With our experience, we are passionate about educating the security community-providing the intel you need to stay informed so your apps can stay safe.


9 hrs

a critical vulnerability—with the potential for remote code execution—is released.