F5 Labs security experts spent a year researching application security. With the increasingly essential role of applications, one major question arises: If organizations don’t understand all the ways attackers can compromise their applications and exploit their data, how can they possibly defend their most critical assets? Join threat researchers Sara Boddy and Ray Pompon in this four-part series where they’ll share their findings from the 2018 Application Protection Report—some alarming, and others not so surprising at all—to help you prioritize what you should focus on to reduce your risk.
Join the F5 Labs Director, Sara Boddy, and Principal Threat Research Evangelist Ray Pompon as they discuss why they wrote the Application Protection Report, how they had to question some fundamental assumptions about applications in order to get to the heart of the matter, and how the resulting model—the App Stack—helped them make sense out of a pile of data from different sources.
In this episode, Sara and Ray take a critical look at threats against the App Services Tier. This means attacks against code, web servers, server-side infrastructure, databases, and so on. This also includes injection attacks against app services, which featured prominently in the public data breach notifications collected over a year. Learn why injection and other App Services attacks are so common, and how you can find, patch, and block these vulnerabilities.
In this episode, Ray and Sara examine breaches resulting from application access attacks, such as credential stuffing, email hacks, brute force, and phishing. They unpack some of the unique challenges that these access attacks pose, and discuss strategies for protecting the Access tier.
Listen as Ray and Sara unpack application DDoS attacks. Next-generation DDoS attacks that focus on applications rather than networks tend to be subtle, precise, and well-crafted. This makes them harder to detect and mitigate. Ray and Sara also touch on Internet of Things (IoT) thingbots, and the effect they’re having on the black market and the tech industry.