
Psilva's Prophecies

Peter Silva



Top Stories by Peter Silva

With the release of the new 2017 Edition of the OWASP Top 10, we wanted to give a quick rundown of how BIG-IP ASM can mitigate these vulnerabilities. First, here's how the 2013 edition compares to 2017, and how BIG-IP ASM mitigates each vulnerability:

Vulnerability: BIG-IP ASM Controls
A1 Injection Flaws: Attack signatures; Meta character restrictions; Parameter value length restrictions
A2 Broken Authentication and Session Management: Brute Force protection; Session tracking; HTTP cookie protection
A3 Sensitive Data Exposure: Data Guard
A4 XML External Entities (XXE): Attack signatures (see below)
A5 Broken Access Control: File types; URL; URL flows; Session tracking; Attack signatures (Directory traversal)
A6 Security Misconfiguration: Attack signatures
A7 Cross-site Scripting (XSS): Attack signatures; Parameter meta characters; Parameter value length restrictions; Par... (more)

Mitigate L7 DDoS with BIG-IP ASM

Today, let's look at a couple of ways to mitigate an application-layer DDoS attack with BIG-IP ASM. We've logged into a BIG-IP ASM and navigated to Security > DDoS Protection > DDoS Profiles. In the General Settings of Application Security, we'll activate an application DoS iRule event. We'll click TPS-based Detection to see the TPS thresholds, which we've temporarily lowered to make an attack easy to simulate. Often there are multiple mitigation methods that are applied sequentially, as you can see in the Source IP settings. We can also record packet captures of the traffic during an attack for post-analysis. Wh... (more)
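To make the TPS-based detection and sequential mitigation described above concrete, here is an added example in Python. It is not F5 code and does not reproduce ASM's internals: it replays a constructed access log, counts transactions per second per source IP and per URL, uses a deliberately low threshold (as the post does to simulate an attack), and walks a hypothetical mitigation ladder one step further for each second a source stays over threshold. The log format, the threshold value and the mitigation names are all assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample access log (not real traffic): "<epoch_second> <client_ip> <uri>".
# 10.0.0.9 floods /login for three seconds; 10.0.0.5 and 10.0.0.6 are normal users.
SAMPLE_LOG = """\
100 10.0.0.5 /
100 10.0.0.9 /login
100 10.0.0.9 /login
100 10.0.0.9 /login
100 10.0.0.9 /login
100 10.0.0.9 /login
100 10.0.0.9 /login
101 10.0.0.6 /account
101 10.0.0.9 /login
101 10.0.0.9 /login
101 10.0.0.9 /login
101 10.0.0.9 /login
101 10.0.0.9 /login
101 10.0.0.9 /login
101 10.0.0.9 /login
102 10.0.0.5 /account
102 10.0.0.9 /login
102 10.0.0.9 /login
102 10.0.0.9 /login
102 10.0.0.9 /login
102 10.0.0.9 /login
102 10.0.0.9 /login
103 10.0.0.5 /
103 10.0.0.9 /login
"""

# Deliberately low threshold so the constructed flood trips detection, in the
# same spirit as the lowered TPS thresholds the post uses to simulate an attack.
TPS_THRESHOLD = 5

# Hypothetical mitigation ladder, applied one step further for each second a
# source stays over threshold. The names are illustrative, not ASM's own settings.
MITIGATION_SEQUENCE = ("client_side_integrity", "captcha", "rate_limit")


def parse_log(text):
    """Yield (second, client_ip, uri) tuples from the constructed log format."""
    for line in text.splitlines():
        if line.strip():
            sec, ip, uri = line.split()
            yield int(sec), ip, uri


def tps_by_key(events, key):
    """Transactions per second, grouped by key(event): {key: {second: count}}."""
    counts = defaultdict(lambda: defaultdict(int))
    for event in events:
        counts[key(event)][event[0]] += 1
    return counts


def detect_and_mitigate(log_text, threshold=TPS_THRESHOLD, sequence=MITIGATION_SEQUENCE):
    """Per-source-IP TPS detection with sequential mitigation.

    Returns {ip: [(second, tps, mitigation), ...]} for every second in which a
    source met or exceeded the threshold. The escalation step is kept across
    seconds so a persistent source walks the whole ladder instead of being
    challenged the same way forever.
    """
    counts = tps_by_key(parse_log(log_text), key=lambda e: e[1])
    actions = {}
    for ip, per_second in counts.items():
        step = 0
        for sec in sorted(per_second):
            tps = per_second[sec]
            if tps >= threshold:
                mitigation = sequence[min(step, len(sequence) - 1)]
                actions.setdefault(ip, []).append((sec, tps, mitigation))
                step += 1
    return actions


def flooded_uris(log_text, threshold=TPS_THRESHOLD):
    """Per-URL TPS detection, which still fires when a distributed attack keeps
    every single source under the per-IP threshold. Returns {uri: [seconds]}."""
    counts = tps_by_key(parse_log(log_text), key=lambda e: e[2])
    return {uri: sorted(s for s, n in per_second.items() if n >= threshold)
            for uri, per_second in counts.items()
            if any(n >= threshold for n in per_second.values())}


if __name__ == "__main__":
    for ip, steps in detect_and_mitigate(SAMPLE_LOG).items():
        for sec, tps, mitigation in steps:
            print(f"t={sec} src={ip} tps={tps} -> {mitigation}")
    print("flooded URLs:", flooded_uris(SAMPLE_LOG))
```

Running the script against the constructed log shows 10.0.0.9 being challenged at second 100, hit with a CAPTCHA at 101 and rate-limited at 102, while the two legitimate users never appear in the output. The per-URL view is the check worth keeping in mind: a distributed flood that stays under the per-IP threshold still shows up on the target URL, which is why production settings pair the two detections rather than relying on source IP alone.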

Post of the Week: BIG-IP APM Policy Sync

In this Lightboard Post of the Week, I light up the answer to a question about BIG-IP APM Policy Sync. Posted Question on DevCentral: https://devcentral.f5.com/questions/apm-policy-sync-56330 Thanks to DevCentral user Murali (@MuraliGopalaRao) for the question and special thanks to Leonardo Souza for the answer! ps Related: DevCentral’s Featured Member for May – NTT Security’s Leonardo Souza ... (more)

Lightboard Lessons: What is DDoS?

Over the last quarter, there were approximately 500 DDoS attacks daily around the world with some lasting as long as 300 hours. In this Lightboard Lesson I light up some #basics about DoS and DDoS attacks.   ps Related: DDoS attacks in Q2 2017 DDoS attack – Distributed Denial of Service DDoS Attacks 101: Types, targets, and motivations ... (more)

Legacy Application SSO with BIG-IP and Okta

IT organizations have a simple goal: make it easy for workers to access all their work applications from any device. But that simple goal becomes complicated when new apps and old, legacy applications do not authenticate in the same way. Today we’ll take you through BIG-IP APM’s integration with Okta, a cloud-based identity-as-a-service provider. The primary use case for this scenario is providing the user authentication through Okta and then Okta providing BIG-IP APM a SAML assertion so that BIG-IP can perform legacy SSO using either Kerberos Constrained Delegation (KCD) or He... (more)