f5 cse

F5 CSE Exam Notes – DDoS Attacks

Attack Categories and DDoS architecture components: Volumetric – Flood-based attacks that can be L3-4 or L7 Cloud-based Scrubbing Service (Silverline) Web Application Firewall (ASM) GTM Express Asymmetric – Attacks designed to invoke timeouts or session-state changes Web Application Firewall (ASM) Computational – Attacks designed to consume CPU and memory Application Delivery Controller (LTM) Slowloris attack migration Adaptive connection...


F5 CSE Exam Notes – Security Tools

Cain & Abel Windows only password recovery tool Sniffs the network cracking encrypted passwords, brute force cracking NMAP Detect remote OS running on host(s) nmap -O 192.168.1.0/24 nmap -O 192.168.1.1 nmap -v -O --osscan-guess 192.168.1.1 https://highon.coffee/blog/nmap-cheat-sheet/#host-discovery THC Hydra Brute force attack tool used to show the ease to gain unauthorized access remotely Performs dictionary attacks against more than...


F5 CSE Exam Notes – ASM Session Tracking

Security >> Application Security: Sessions and Logins: Session Tracking Session Awareness (disabled by default) Configure login page to detect username and associate it with the HTTP session None (default) Allows the use of Violation Detection Actions only User APM Usernames and Session ID Use Login Pages Select the custom login page Properties Authentication type (HTML Form, HTTP Basic/Digest Auth and NTLM) Username/Password Parameters Access...


F5 CSE Exam Notes – ASM Data Guard/Sensitive Parameters

Data Guard Data Guard will block (by default) or will mask (transparent) the sensitive information for the responses sent by the application server to the client Settings Location General Security -> Application Security: Data Guard Policy Security -> Application Security: Blocking: Settings – Negative Security Violations Data Guard: Information leakage detected Modes of Operation Data Guard in Transparent (Mask Data) Default Learn/Alarm...


F5 CSE Exam Notes – ASM Buffer Overflow/File Uploads/ICAP

Buffer Overflow Security -> Options: Application Security: Advanced Configuration: System Variables long_request_buffer_size – specifies the longest request length supported by the system (default is 10Mb) request_buffer_size – specifies the common request length supported by the system (default is 10Kb) https://support.f5.com/csp/article/K7935 File Uploads Once the new parameter that the application uses for the file upload...


F5 CSE Exam Notes – APM

Overview: APM 11.3 and beyond offers iFrame Clickjacking protections via the apm.xframeoptions db key. Clickjacking, also known as a “UI redress attack”, is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top level page. Thus, the attacker is “hijacking” clicks meant for their webpage and routing them to another page, most likely...

