Raise your hand if your login credentials have been stolen at some point in your internet life. I’m looking at you, EVERYBODY! 2.3 Billion credentials were stolen in 2017 alone, so if you’re on the internet, someone-somewhere has your credentials and has probably tried to use them somewhere. Nowadays, 80% – 90% of login traffic world-wide is solely from what are called, Credential Stuffing attacks. HSBC and Dunkin’ Donuts are just a couple of the more recent high-profile victims of this kind of brute-force attack. So what in the world is Credential Stuffing, and how can we protect our applications from it?
You heard us talk about WAFs and ASM. So now it’s time to discuss how to create a basic F5 BIG-IP ASM Policy which is a security policy using F5’s Application Security Manager (ASM). With ASM you get the flexibility to both create a negative or positive security model. Negative security model means: I will block bad stuff. Positive security model means: I will only allow known good application traffic, everything else will be blocked.
This is a question I get all the time… What is a WAF? Since I maintain our WAF for my job, I usually need to educate and convince co-workers, management, application owners about why and how we should deploy our WAF. Let’s start with the objections I usually run into, and why you still should have a WAF, and then dig a bit deeper into what a WAF is really doing.