Web App and API Protection (WAAP) blog posts(32)
API security risks persist across all environments, even when air-gapped
Internal APIs often have reduced governance and visibility, creating vulnerabilities that attackers can exploit even if air-gapped or protected on-premises.
By Ian Dinno
Why risk scoring matters in the age of AI–driven vulnerability hunting
Learn how AI-powered WAF solutions can assign a single, intuitive score to quantify threat severity, transforming how application security decisions are made.
By Jay Kelley, Debrup Ghosh
Virtual patching in practice with F5 BIG-IP Advanced WAF and F5 Distributed Cloud Web App Scanning
Virtual patching reduces risk when a patch isn’t immediately available for a vulnerability, providing an organization security and time to create, test, and deploy a patch.
By Jay Kelley, Ian Dinno
Why digital sovereignty is ratcheting up the priority list
Many organizations are rethinking where applications run, who controls critical services, and how dependent they have become on external technology providers.
By Bart Salaets
The post-Mythos era: Why AI-powered defense is no longer optional
Learn why your organization must move now to automate WAF enforcement
By Darshant Bhagat, Debrup Ghosh
IT/OT convergence: What’s happening and why security has to lead
As IT and OT systems converge, the attack surface grows. Learn how organizations can integrate securely—and how F5 ADSP helps protect operations at scale.
By Frank Yue
From dashboard fatigue to operational excellence: Why XOps needs F5 Insight for ADSP
Learn how F5 Insight for ADSP lays the visibility foundation for XOps—turning fragmented signals across applications and infrastructure into actionable intelligence.
By John Maddison
Independent tests reveal F5 provides strong protection against traditional, emerging, and targeted AI app attacks
In independent, third-party tests by SecureIQLab, F5 AI Guardrails earned a 98.36% total security score and F5 WAAP alongside F5 AI Guardrails earned a total security score of 97.09%.
By John Maddison
Four highlights from F5’s flagship AppWorld conference
Missed this year’s F5 AppWorld conference? Get the latest F5 news here.
By John Maddison
API security without compromise: Introducing flexible new discovery options with F5 API security
F5’s expanded API discovery options are designed to deliver maximum flexibility and meet organizations where they are.
By Ian Dinno
F5 AI Remediate: Closing the AI security gap
F5’s new offering, F5 AI Remediate, shortens the path from AI vulnerability discovery to deployable protection.
By Jessica Brennan
A sneak peek into F5 BIG-IP v21.1: AI security, PQC, and software enhancements
Learn how F5’s BIG-IP v21.1 delivers AI security and PQC-readiness.
By Tom Atkins
A new playbook for hybrid multicloud cyber resilience
Learn why traditional resiliency models fall short and how modern cyber resilience, using an antifragile approach, turns disruption into an advantage.
By Griff Shelley, Colin Clauset, Mark Menger
MazeBolt + F5: Partners for automated DDoS protection
Integrating MazeBolt DDoS testing technologies into the F5 Application Delivery and Security Platform (ADSP) delivers fully automated, AI-powered DDoS protections.
By Rona Rom Amram
Why BOLA’s "authorization gap" requires a runtime strategy
Broken object-level authorization (BOLA) is not a bug but a failure of access controls. Learn how a three-tiered runtime strategy can close the gap and protect data.
By Chaim Peer, Ian Dinno
Why take a platform approach?
Learn why a converged platform for application delivery and cybersecurity offers the best path to simpler operations and stronger protection.
By Greg Maudsley
Rein in API sprawl with F5 and Google Cloud
Find out how F5 and Google Cloud can help you secure and manage your ever-increasing API integrations.
By Beth McElroy
Why SASE and ADSP are complementary platforms
SASE secures the hybrid workforce and ADSP secures the hybrid application estate. Learn how these converged platforms differ and why they complement each other.
By John Maddison
Latest release of F5 Distributed Cloud Bot Defense unlocks next-level features and enhancements
Console updates for F5 Distributed Cloud Bot Defense improve management of automated threats and integration into broader security frameworks.
By Robert Kusters
Cybersecurity Awareness Month: Four ways to stay safe online
Here are four tips from the Cybersecurity and Infrastructure Security Agency (CISA) and F5 for how you can keep your users safer online.
By Jay Kelley
PCI DSS Is the Baseline: The Case for Web App and API Protection in E-commerce
The latest PCI DSS compliance mandate has significantly expanded in scope to offset the growing threat of sophisticated attacks to the e-commerce sector.
By Byron McNaught
Ransomware in Healthcare: The Application Threat Vector
The healthcare industry remains a favorite target of attackers—notably by targeting vulnerabilities and compromised credentials in ransomware campaigns.
By Byron McNaught
F5 Named a Finalist (Again!) in the 2025 SC Awards for Best API Security Solution
F5 is a finalist in the 2025 SC Awards for Best API Security Solution, highlighting our innovation and leadership in cybersecurity.
By Ian Dinno
WAAP Evolution: From ‘Web App and API’ to ‘Web, API, and AI’ Protection
WAAP evolves to include AI protection. Learn why web, API, and AI security are crucial in our latest research.
By Lori Mac VittieGPU as a Service: The Catalyst for AI Growth in ASEAN, Opportunities, and Challenges
GPUaaS is transforming the way businesses approach AI infrastructure. See how it works and why it’s becoming the go-to solution for AI-driven organizations.
By Chin Keng LimQ&A with a Security Expert: Simplifying Web Application and API Protection Decisions
Hear from an application and API security expert about the critical importance of simplifying web application and API protection decisions.
By Chad DavisAdvance API Protection with Shift Left Security Strategies
Today's soaring API use demands integrating shift left security into your APIs. F5 and Google Cloud offer solutions for teams to alleviate the risks of shadow APIs.
By David RemingtonUnderstanding the EU's Digital Operational Resilience Act (DORA) Regulation Compliance in Financial Services
Explore key DORA incident reporting requirements, third-party risk compliance, and software solutions to enhance risk management in the EU financial sector.
By Chad DavisEnhancing AWS API Gateway Security: Best Practices for API Management
Learn more about top strategies for securing AWS API Gateway, and implementing secure API management, cloud native security, and threat detection on AWS.
By Dave MorrisseyProtecting API Endpoints Makes APIs Hard to Secure
Explore the complexities of API security, why organizations face challenges, evolving API endpoint attacks, and the need for tailored security policies.
By Lori Mac Vittie