Think application security first

Applications are critical to your business and the gateway to both your data and your customers' data—data that’s valuable to attackers.  And they’ll disrupt your apps in any way they can to get at it. That's why the app itself must be protected.

Under Attack? Call (866) 329-4253 or +1 (206) 272-7969

App-centric security

Know what makes your apps vulnerable and how they can be attacked, so you can put the right solutions in place to lower your risk.  Gain the application security you need to mitigate today's advanced threats and continue moving your business forward.

Attack Types

Explore the app components to understand each tier and the its associated threats.

APP

Explore the app components to understand each tier and the its associated threats.

SERVICES TIER

Web servers, content delivery networks, and app or database servers are the base for web application services. Also part of this tier are frameworks, libraries, and plugins, and internal code that provides an app's core functionality. Attackers frequently scan for unpatched components within this tier, making it the focus of common attacks, such as injection or business logic flaws.

POSSIBLE THREATS

ACCESS TIER

Access is the gateway to the data that an app processes or stores. This tier provides web, mobile, and API clients the ability to authenticate and get authorization to access an application, so it needs to be secure and efficient. An analysis of breach records shows that 33 percent of web app breaches are access related, with phishing, brute force, and credential stuffing attacks leading the way.

1 F5 Labs: Lessons Learned from a Decade of Data Breaches

POSSIBLE THREATS

TLS/SSL TIER

The transport layer security tier includes HTTPS, TLS, and even the outdated SSL protocol. It provides confidentiality for clients and apps communicating over untrusted networks, ensuring attackers can't tamper with data in transit. Flawed libraries or implementations can lead to vulnerabilities like Heartbleed or denial-of-service attacks. TLS is also used to hide payloads that target other tiers of the app.

POSSIBLE THREATS

DNS TIER

The "address book" of the Internet, DNS translates domain names into IP addresses so browsers can load Internet resources. This tier includes all DNS servers needed by the client and the app, as well as the relevant registrars of those apps' domains. App availability can be disrupted if its DNS suffers a DDoS attack. Alternatively, DNS can be targeted in a hijacking attempt that can compromise an app's confidentiality or integrity.

POSSIBLE THREATS

NETWORK TIER

Clients and apps need a network to connect. Many applications exist on or communicate over the biggest network—the Internet. An app also typically resides on an internal network, allowing app admins to connect and make changes. The network tier is a target of multiple types of DDoS attacks. Compromised internal networks can lead to unauthorized disclosure, alteration, or destruction of data.

POSSIBLE THREATS

DDOS ATTACKS

The purpose of a DDoS attack is to make an application unavailable. DDoS attacks typically originate from an "army" of hacker-controlled bots. All tiers of an app have a capacity limit or are designed in a way that's vulnerable to DDoS attacks. Volumetric attacks target the network tier, overwhelming bandwidth. Others target server or infrastructure resources such as CPU, memory, or state tables.

DDoS Solutions

Use Cases

WEB APPLICATION ATTACKS

Web app attacks target the data held by apps through layer 7 by attempting to steal a user's credentials via a man-in-the-middle attack or exploiting vulnerabilities in servers, frameworks, libraries or even business logic flaws within custom code. Also included are access-control attacks, like credential stuffing, brute force attacks, and credential theft via malware or phishing.

Web App Security Solutions

Use Cases

APP INFRASTRUCTURE ATTACKS

Application infrastructure refers to the systems that applications depend on that are external to the app itself. Attacks against application infrastructure target TLS, DNS, and the network tiers. These attacks can include compromising a vulnerable implementation of TLS/SSL, spoofing DNS to divert user traffic, a man-in-the-middle attack on a network, or a DDoS attack on any of these tiers.

App Infrastructure Solutions

Use Cases

ACCESS ATTACKS AND BUSINESS CHALLENGES

Attacks on access often consist of botnets attempting to brute force user accounts, test stolen passwords, or look for web apps with weak access controls. While preventing successful attacks is paramount, understanding how users access your apps can help you balance “least privilege” without compromising user productivity.

ATTACK TYPES

HOW APPS ARE ATTACKED

What are apps and how are they attacked?

Applications are made up of many independent components, running in separate environments with different requirements and a supporting infrastructure that's glued together over networks. Each component, or tier, can be a target. To evaluate defenses, you need to understand the attack surface of each tier.

  • App Services
  • Access
  • TLS
  • DNS
  • Network

What are apps and how are they attacked?

Applications are made up of many independent components, running in separate environments with different requirements and a supporting infrastructure that's glued together over networks. Each component, or tier, can be a target. To evaluate defenses, you need to understand the attack surface of each tier.

SERVICES TIER
services off

Web servers, content delivery networks, and app or database servers are the base for web application services. Also part of this tier are frameworks, libraries, and plugins, and internal code that provides an app's core functionality. Attackers frequently scan for unpatched components within this tier, making it the focus of common attacks, such as injection or business logic flaws.

POSSIBLE THREATS

ACCESS TIER
services off

Access is the gateway to the data that an app processes or stores. This tier provides web, mobile, and API clients the ability to authenticate and get authorization to access an application, so it needs to be secure and efficient.

An analysis of breach records shows that 33 percent of web app breaches are access related, with phishing, brute force, and credential stuffing attacks leading the way.

1 F5 Labs: Lessons Learned from a Decade of Data Breaches

POSSIBLE THREATS

TLS/SSL TIER
tlsOff

The transport layer security tier includes HTTPS, TLS, and even the outdated SSL protocol. It provides confidentiality for clients and apps communicating over untrusted networks, ensuring attackers can't tamper with data in transit.

Flawed libraries or implementations can lead to vulnerabilities like Heartbleed or denial-of-service attacks. TLS is also used to hide payloads that target other tiers of the app.

POSSIBLE THREATS

DNS TIER
dnsOff

The "address book" of the Internet, DNS translates domain names into IP addresses so browsers can load Internet resources. This tier includes all DNS servers needed by the client and the app, as well as the relevant registrars of those apps' domains.

App availability can be disrupted if its DNS suffers a DDoS attack. Alternatively, DNS can be targeted in a hijacking attempt that can compromise an app's confidentiality or integrity.

POSSIBLE THREATS

NETWORK TIER
networkOff

Clients and apps need a network to connect. Many applications exist on or communicate over the biggest network—the Internet. An app also typically resides on an internal network, allowing app admins to connect and make changes.

The network tier is a target of multiple types of DDoS attacks. Compromised internal networks can lead to unauthorized disclosure, alteration, or destruction of data.

POSSIBLE THREATS

ATTACK TYPES

HOW APPS ARE ATTACKED

Attack Types

Explore the app components to understand each tier and the its associated threats.

DDOS
services access dns network

The purpose of a DDoS attack is to make an application unavailable. DDoS attacks typically originate from an "army" of hacker-controlled bots.

All tiers of an app have a capacity limit or are designed in a way that's vulnerable to DDoS attacks. Volumetric attacks target the network tier, overwhelming bandwidth. Others target server or infrastructure resources such as CPU, memory, or state tables.

DDoS Solutions

Use Cases

WEB APPLICATION
services access

Web app attacks target the data held by apps through layer 7 by attempting to steal a user's credentials via a man-in-the-middle attack or exploiting vulnerabilities in servers, frameworks, libraries or even business logic flaws within custom code.

Also included are access-control attacks, like credential stuffing, brute force attacks, and credential theft via malware or phishing.

Web App Security Solutions

Use Cases

APP INFRASTRUCTURE
tls dns network

Application infrastructure refers to the systems that applications depend on that are external to the app itself. Attacks against application infrastructure target TLS, DNS, and the network tiers. These attacks can include compromising a vulnerable implementation of TLS/SSL, spoofing DNS to divert user traffic, a man-in-the-middle attack on a network, or a DDoS attack on any of these tiers.

App Infrastructure Solutions

Use Cases

ACCESS
tls dns network

Attacks on access often consist of botnets attempting to brute force user accounts, test stolen passwords, or look for web apps with weak access controls. While preventing successful attacks is paramount, understanding how users access your apps can help you balance “least privilege” without compromising user productivity.

A typical organization has 756 apps—and each one is a potential target. Are your apps protected?

Read the report

F5 APPLICATION PROTECTION ACROSS THE APP STACK

F5 application protection across the app stack

RELATED CONTENT

The hunt for IoT

The Growth and Evolution of Thingbots Ensures Chaos

A decade of data breaches

86% of breaches target apps and identities.

Cloud

Making Security Cloud Friendly

Support that Keeps Your Business Secure

We’re your safety net

When security incidents occur, our Security Incident Response Team (F5 SIRT) is there for all F5 customers.

Maximize your investment

F5 Professional Services can help you design, customize, and implement a solution.

We have you covered, 24x7

F5's SOC experts stand between you and security threats that can damage your business.