Security blog posts(29)
Multicloud chaos ends at the Equinix Edge with F5 Distributed Cloud CE
Simplify multicloud security with Equinix and F5 Distributed Cloud CE. Centralize your perimeter, reduce costs, and enhance performance with edge-driven WAAP.
By Lori Mac Vittie
How AI inference changes application delivery
Learn how AI inference reshapes application delivery by redefining performance, availability, and reliability, and why traditional approaches no longer suffice.
By Lori Mac Vittie
WAAP Evolution: From ‘Web App and API’ to ‘Web, API, and AI’ Protection
WAAP evolves to include AI protection. Learn why web, API, and AI security are crucial in our latest research.
By Lori Mac Vittie
API Security: Programmability Is Required
Programmability is essential for API security, enabling testing, threat mitigation, seamless upgrades, and integration. It’s crucial for handling zero-day vulnerabilities.
By Lori Mac Vittie
Application Delivery and Security for AI Applications: Navigating Modern AI Architecture
Discover how generative AI applications and API security are shaping modern application delivery and security.
By Lori Mac VittieUsing 1Password CLI to Securely Build NGINX Plus Containers
With 1Password’s CLI tool, you can ensure the security of your NGINX Plus containers from the moment you build them. Learn more in this quick guide.
By Cody GreenMulti-Cloud API Security with NGINX and F5 Distributed Cloud WAAP
Navigate the complexity of distributed environments and securely deliver APIs at scale with this three-tier approach to hybrid and multi-cloud architectures.
By Andrew StiefelAnnouncing the Open Source Subscription by F5 NGINX
Get enterprise support, features, and simplified administration for NGINX Open Source with the new Open Source Subscription by F5 NGINX. Ensure timely patches, regulatory compliance, confidentiality, ...
By Jenn GileThe Mission-Critical Patient-Care Use Case That Became a Kubernetes Odyssey
A healthcare tech company migrated to Kubernetes, reduced downtime, and improved visibility with Azure Kubernetes Service and NGINX.
By Jenn Gile2 Ways to View and Manage Your WAF Fleet at Scale with F5 NGINX
We highlight two ways to improve app security: increase visibility into WAF operation with NGINX Management Suite and implement security-as-code-with NGINX App Protect WAF.
By Fabrizio Fiorucci, Thelen BlumNGINX Tutorial: How to Securely Manage Secrets in Containers
Learn how to safely use and distribute secrets in containers, using a mix of Linux tools and secrets management systems.
By Robert Haynes
Why Managing WAFs at Scale Requires Centralized Visibility and Configuration Management
NGINX Management Suite makes security easier and more reliable with centralized visibility and configuration management of NGINX App Protect WAF.
By Thelen BlumArchitecting Zero Trust Security for Kubernetes Apps with NGINX
Protect your users, distributed applications, microservices, and APIs at scale and end-to-end across any environment – on-premises, hybrid, and multi-cloud.
By Ilya KrutovConnect, Scale, and Secure Apps and APIs with F5 NGINX Management Suite
NGINX Management Suite provides holistic visibility and control of NGINX instances, application delivery services, API management workflows, and security solutions.
By Jenn GileAutomate Security with F5 NGINX App Protect and F5 NGINX Plus to Reduce the Cost of Breaches
Lower data breach costs by 80% by adding automation and AI into your security solution with F5 NGINX App Protect and F5 NGINX Plus for DoS protection, WAF, and authentication and authorization.
By Thelen Blum, Matthieu Dierick
NGINX Tutorial: Protect Kubernetes Apps from SQL Injection
Web apps are a common target for hackers looking to exploit vulnerabilities and obtain sensitive information. In this tutorial, Daniele Polencic of Learnk8s demonstrates how you can improve Kubernetes...
By Daniele PolencicAnnouncing NGINX Plus R26
NGINX Plus R26 introduces faster JWT validation with JSON Web Key Set caching and hardened TLS handshakes for improved security. New NGINX JavaScript features include enhanced support for asynchronous...
By Robert HaynesSecure Your gRPC Apps Against Severe DoS Attacks with NGINX App Protect DoS
gRPC provides the speed and flexibility developers need to design and deploy modern applications, but its open nature makes it highly vulnerable to Layer 7 DoS attacks. NGINX App Protect DoS protects ...
By Yaniv Sazman, Thelen BlumSix Ways to Secure Kubernetes Using Traffic Management Tools
Explore six use cases where Kubernetes traffic‑management tools -- including F5 NGINX App Protect, Ingress Controller, and Service Mesh -- solve security problems. Help your SecOps teams collaborate w...
By Jenn GileBringing F5 and NGINX WAF Policies into Controller App Security
With NGINX Controller App Security for version 3.20 of the Application Delivery Module, you can now import your custom F5 Advanced WAF and NGINX App Protect WAF policies and distribute them across all...
By Daphne WonFortifying APIs with Advanced Security
The NGINX Controller App Security add-on for Controller API Management provides an app-centric, self-service way for app teams to boost their API security with integrated WAF protection. Security team...
By Karthik KrishnaswamyHow NGINX App Protect Denial of Service Adapts to the Evolving Attack Landscape
We explain how NGINX App Protect Denial of Service (DoS) adapts its mitigation methods in real time to protect against Layer 7 DoS attacks. By creating a model of normal user behavior and server healt...
By Vadim KrishtalNGINX App Protect Denial of Service Blocks Application-Level DoS Attacks
NGINX App Protect Denial of Service (DoS) protects your modern applications against sophisticated application-level (Layer 7) DoS attacks, including GET and POST flooding, Slowloris, Slow read, slow P...
By Yaniv SazmanMitigating Security Vulnerabilities Quickly and Easily with NGINX Plus
An often-overlooked benefit of NGINX Plus is how it makes protecting yourself against security threats quick and easy. We proactively inform NGINX Plus subscribers of security vulnerabilities and patc...
By Laurent PétroqueModSecurity: Logging and Debugging
In this blog post, we describe the basics of logging and debugging with ModSecurity and provide audit log and debug log examples
By Faisal MemonDynamic IP Denylisting with NGINX Plus and fail2ban
We implement dynamic IP address-based denylisting using the NGINX Plus key-value store and fail2ban, which monitors log files for suspicious activity
By Liam CrillyAnnouncing NGINX Plus R13
NGINX Plus R13, with more dynamic deployments, enhanced debugging, and improved security, is now available free to NGINX Plus subscribers
By Liam CrillyAuthenticating Users to Existing Applications with OpenID Connect and NGINX Plus
NGINX Plus R10 adds support for the JSON Web Token (JWT) standard. Learn how to use JWTs and OpenID Connect to control access to your applications.
By Liam Crilly
Securing URLs with the Secure Link Module in NGINX and NGINX Plus
Learn how to secure resources with NGINX and NGINX Plus, by requiring clients to include a hashed value in request URLs, optionally with an expiration date
By Kunal Pariani