Top Risks

2018 Application Protection Report Podcast Series

In this companion podcast, the researchers who created the F5 Labs Application Protection Report discuss their findings, and share the details and backstories that helped shape the final report.
July 16, 2019

Intro

F5 Labs security experts spent a year researching application security. With the increasingly essential role of applications, one major question arises: If organizations don’t understand all the ways attackers can compromise their applications and exploit their data, how can they possibly defend their most critical assets? Join threat researchers Sara Boddy and Ray Pompon in this four-part series where they’ll share their findings from the 2018 Application Protection Report—some alarming, and others not so surprising at all—to help you prioritize what you should focus on to reduce your risk.

Episode One

Join the F5 Labs Director, Sara Boddy, and Principal Threat Research Evangelist Ray Pompon as they discuss why they wrote the Application Protection Report, how they had to question some fundamental assumptions about applications in order to get to the heart of the matter, and how the resulting model—the App Stack—helped them make sense out of a pile of data from different sources.

Episode Two

In this episode, Sara and Ray take a critical look at threats against the App Services Tier. This means attacks against code, web servers, server-side infrastructure, databases, and so on. This also includes injection attacks against app services, which featured prominently in the public data breach notifications collected over a year. Learn why injection and other App Services attacks are so common, and how you can find, patch, and block these vulnerabilities.

Episode Three

In this episode, Ray and Sara examine breaches resulting from application access attacks, such as credential stuffing, email hacks, brute force, and phishing. They unpack some of the unique challenges that these access attacks pose, and discuss strategies for protecting the Access tier.

Episode Four

Listen as Ray and Sara unpack application DDoS attacks. Next-generation DDoS attacks that focus on applications rather than networks tend to be subtle, precise, and well-crafted. This make them harder to detect and mitigate. Ray and Sara also touch on Internet of Things (IoT) thingbots, and the effect they’re having on the black market and the tech industry.

Authors & Contributors
Raymond Pompon (Author)
Sara Boddy (Author)

What's trending?

Forward and Reverse Shells
Forward and Reverse Shells
09/15/2023 article 5 min. read
Web Shells: Understanding Attackers’ Tools and Techniques
Web Shells: Understanding Attackers’ Tools and Techniques
07/06/2023 article 6 min. read
What Is Zero Trust Architecture (ZTA)?
What Is Zero Trust Architecture (ZTA)?
07/05/2022 article 13 min. read