F5 Labs: Application Threat Intelligence

Sinopse

Apps have changed nearly everything about how we livehow we stay connected socially, how we engage in commerce, how we run our businesses. Theyve also completely transformed the darker world of cybercrime, hacktivism, espionage, and warfare. But what is an app, really? Being able to answer that question is vital for protecting our dataourselves, our businesses, our communitiesfrom todays increasingly sophisticated pool of cyber attackers. F5 Labs conducted a year-long research study to see on how applications are being attacked. This researchthe Application Protection reporthas confirmed what we saw in our own experience: apps are the primary targets for attackers. Join threat researchers Sara Boddy and Ray Pompon in this four-part series where well share our findingssome alarming, and others not so surprising at allto help you prioritize what you should focus on to reduce your risk.

Episódios

  • Season 2: Episode 4 - API Attacks and New Architectures

    Season 2: Episode 4 - API Attacks and New Architectures

    25/10/2019 Duração: 27min

    In the fourth and final episode for 2019, Sara, Ray, and Sander talk about attacks against application programming interfaces (APIs), and how they’ve spiked in the last two years. As with the formjacking attacks discussed in Episode Two, API attacks have become more common because of changes in how organizations design and run applications. The team explains the different kinds of API breaches they’ve seen, what organizations can do to protect their APIs, and make a few predictions about how the security world will adapt to these new risks

  • Season 2: Episode 3 - Access Attacks Take Top Spot

    Season 2: Episode 3 - Access Attacks Take Top Spot

    17/10/2019 Duração: 35min

    The Labs team drills down into the topic of access tier attacks, which were the single most successful attack type in the past year, according to public breach reports. These attacks, which include techniques like phishing, credential stuffing, and brute force attacks, made up a huge proportion of the successful attacks that organizations disclosed. The team explores why these attacks are so successful, what defenders can do to prevent them, and what their ongoing prevalence means for the Internet and its users.

  • Season 1: Episode 2 - Application Protection—Mitigating Risk at the App Services Tier

    Season 1: Episode 2 - Application Protection—Mitigating Risk at the App Services Tier

    15/10/2019 Duração: 18min

    What makes an app, really? Is application security, as we’ve known it, keeping pace with today’s threats? F5 Labs security experts spent a year researching the composition of an app, the increasingly essential role they play in today’s digital world, to better answer these questions. Join threat researchers Sara Boddy and Ray Pompon as they explore these questions and more, sharing their findings from the 2018 Application Protection Report. In this episode, they’ll take a critical look at threats against the App Services Tier—including injection attacks against app services—and how you can find, patch, and block these vulnerabilities.

  • Season 1: Episode 3 - Application Protection—Mitigating Risk at the Access Tier

    Season 1: Episode 3 - Application Protection—Mitigating Risk at the Access Tier

    15/10/2019 Duração: 17min

    What makes an app, really? Is application security, as we’ve known it, keeping pace with today’s threats? F5 Labs security experts spent a year researching the composition of an app, the increasingly essential role they play in today’s digital world, to better answer these questions. Join threat researchers Sara Boddy and Ray Pompon as they explore these questions and more, sharing their findings from the 2018 Application Protection Report. In this episode, they’ll take a critical look at threats against the Access Tier. This includes one of the most prevalent app client vulnerabilities, cross-site scripting (XSS). They’ll also explore account access hijacking and how you can put the proper security provisions in place to minimize your risk.

  • Season 1: Episode 4 - Application Protection—Mitigating DDoS Attacks

    Season 1: Episode 4 - Application Protection—Mitigating DDoS Attacks

    15/10/2019 Duração: 19min

    What makes an app, really? Is application security, as we’ve known it, keeping pace with today’s threats? F5 Labs security experts spent a year researching the composition of an app, the increasingly essential role they play in today’s digital world, to better answer these questions. Join threat researchers Sara Boddy and Ray Pompon as they explore these questions and more, sharing their findings from the 2018 Application Protection Report. This episode will take a critical look at DDoS attacks which can strike any component of the app—from the network layer to app infrastructure components such as TLS—and how to get a strong DDoS protection strategy in place.

  • Season 1: Episode1 - Application Protection

    Season 1: Episode1 - Application Protection

    15/10/2019 Duração: 15min

    F5 Labs security experts spent a year researching the increasingly essential role of applications with one question in mind: If organizations don’t understand all the ways attackers can compromise their applications and exploit their data, how can they possibly defend their most critical assets? Join threat researchers Sara Boddy and Ray Pompon in this four-part series where they’ll share their findings from the 2018 Application Protection Report —some alarming, and others not so surprising at all—to help you prioritize what you should focus on to reduce your risk.

  • Season 2: Episode 2 - Injection, Evolved

    Season 2: Episode 2 - Injection, Evolved

    14/10/2019 Duração: 20min

    The Labs team dives into the subject of injection—one of the most prevalent and successful attack techniques featured in the breach notifications. Injection techniques have been around for a long time, and constituted a major finding in the 2018 report, but they’re evolving to target different vulnerabilities because of the way that web applications are being built. As a result, a new injection technique known as formjacking has surpassed SQL injection as the most common manifestation. Ray and Sander discuss what this means for preventing, detecting, and defending against web application attacks in 2019 and onward, and make some predictions about the future of web app architecture.

  • Season 2: Episode 1 - Methods, Easy Targets, and Breach Data

    Season 2: Episode 1 - Methods, Easy Targets, and Breach Data

    14/10/2019 Duração: 21min

    Sara begins by unpacking what’s changed in this year’s research, covering changes in personnel, data sources, and research scope. The team then turns to the first significant finding of the new research series: the discovery of widespread, unsophisticated reconnaissance campaigns targeting PHP. While systems running PHP were a major target last year as well, the proportion of opportunistic traffic looking for old, unprotected PHP vulnerabilities was even higher this year. After that they dive into one of their major data sources, the breach notifications published by individual U.S. states. One of the findings from the breach disclosures was a strong relationship between victims’ industries and the attack methods. Ray, Sara, and Sander look at why that is, and what it means for defenders.

Informações: