F5 Labs

F5 Labs summer intern describes her experiences building a Python-based HTTPS scanning library for security research and release as an open source tool.

As cybercriminals continue trying to break into applications using legitimate channels, digital identity is a growing target. Learn what digital identity is and the attack methods fraudsters employ at every stage of the identity life cycle.

As organizations make more of their APIs publicly available, it’s important they understand the potential risks of data exposure and establish best practices for securing all APIs.

Securing APIs demands a new approach. See what we can learn from API incidents and where to begin.

How to shift from firefighting to fire suppression.

COVID-19 has changed our business operation models, and attackers have been adapting quickly. Shape's Dan Woods writes for ITProPortal, describing the emerging trends and how different industries need to adapt.

F5 Labs has released a new open-source tool to check for HTTPS misconfigurations of public and internally hosted HTTPS websites.

Cred stuffing isn't going away. Shape's Jarrod Overson writes for InformationSecurityBuzz, examining the ROI of cred stuffing for attackers, and the evolution to "imitation attacks".

Understanding what APIs are, the role they play in modern apps, and the potential risks they pose to organizations.

What’s the minimum security level that regulations require of every organization? Check our list for the lowest bar of reasonable security.

Cybersecurity experts are falling prey to seven myths in the effort to protect their business. Shape's Daniel Woods writes for Forbes, explaining where these myths have led us astray, and how to keep the useful bits while discarding the chaff.

Learn about the technical controls that leading regulators around the world endorse for an effective and secure Open Banking initiative.

In a climate of rampant online fraud, protecting yourself from identity theft requires taking some simple, proactive steps and remaining constantly vigilant.

Under normal circumstances, we wouldn't use user data to track users en masse - but these aren't normal circumstances. F5's Shuman Ghosemajumder writes for DarkReading, discussing the short- and long-term privacy implications of COVID-19.

Starting next year, all companies conducting business with the DoD must pass an audit to obtain the CMMC. This is Part 3 of our CMMC series that covers the assessment process and how CMMC could become the model for all future compliance standards.

The Qbot banking trojan is back, targeting American banks with dedicated campaigns followed by stealth and evasion techniques.

How to move your workforce securely to remote access with zero trust networking.

Longstanding security challenges such as input validation, data exposure, and rate limits are affecting modern gRPC-based applications.

CAPTCHA solver networks that use humans in the developing world to enable large-scale bot attacks demonstrate the need for a new approach to security controls.

The healthcare industry is adopting a decade of digital transformation in a matter of months, with the risk exposure to match. F5 Labs' Preston Hogue writes for SecurityWeek, discussing the vital need for security expertise to lend a hand.