Attack surface management (ASM) learning resources


Minimize risk by effectively managing your attack surface. Learn strategies to identify, monitor, and secure vulnerabilities across APIs, applications, cloud environments, and supply chains.

Learn more

Cyber threat detection and response ›

Cyber security risk management and protection framework ›

Governance and cyber security risk compliance ›

Application access control

Secure systems with zero trust app access controls that ensure identity and context based, per-request app access.

Access control
GLOSSARY
Access control
What is access control?
LABS
What is access control?
The challenges and benefits of identity and access management
WHITE PAPER
The challenges and benefits of identity and access management
Application access control - Code, agent, or proxy?
TECHNICAL ARTICLE
Application access control - Code, agent, or proxy?
Take control of identity and access management in the cloud
TECHNICAL ARTICLE
Take control of identity and access management in the cloud

API attacks and security management

Protect against negative impacts of unprotected APIs. Learn about the key elements that comprise full API lifecycle security posture.

What is API security? Main types and use cases
GLOSSARY
What is API security? Main types and use cases
OWASP API security top 10 overview and best practices
GLOSSARY
OWASP API security top 10 overview and best practices
What is web app and API protection (WAAP)?
GLOSSARY
What is web app and API protection (WAAP)?
API security needs bot management: Addressing the OWASP top ten API vulnerabilities
BLOG
API security needs bot management: Addressing the OWASP top ten API vulnerabilities
API security checklist: Best practices, testing, and NIST
BLOG
API security checklist: Best practices, testing, and NIST
Prevent API attacks with essential tools and best practices for API security
BLOG
Prevent API attacks with essential tools and best practices for API security
API attack prevention: Preparing for cybercriminals’ new account takeover target
BLOG
API attack prevention: Preparing for cybercriminals’ new account takeover target
Pokémon Go API – A closer look at automated attacks
BLOG
Pokémon Go API – A closer look at automated attacks
What hybrid IT means for app and API security
BLOG
What hybrid IT means for app and API security
Modern API security risks and challenges solved with web app and API protection (WAAP) solutions
BLOG
Modern API security risks and challenges solved with web app and API protection (WAAP) solutions
Extend and modernize application protection with WAAP solutions
BLOG
Extend and modernize application protection with WAAP solutions
WAAP evolution: From ‘web app and API’ to ‘web, API, and AI’ protection
BLOG
WAAP evolution: From ‘web app and API’ to ‘web, API, and AI’ protection
Q&A with a security expert: Simplifying web application and API protection decisions
BLOG
Q&A with a security expert: Simplifying web application and API protection decisions
API security uncovered: Insights from attackers and defenders
WEBINAR
API security uncovered: Insights from attackers and defenders
WAAP market insights: What buyers need to know in 2025
WEBINAR
WAAP market insights: What buyers need to know in 2025
Evaluate your API security posture
ASSESSMENT
Evaluate your API security posture
Demystifying API attacks using gamification
LABS
Demystifying API attacks using gamification
6 principles of a holistic API security strategy
ARTICLE
6 principles of a holistic API security strategy
Web app and API protection (WAAP) buying guide
ARTICLE
Web app and API protection (WAAP) buying guide
Web application and API protection (WAAP) buying guide
EBOOK
Web application and API protection (WAAP) buying guide
Best API and web application security solutions comparison
INFOGRAPHIC
Best API and web application security solutions comparison
F5 Distributed Cloud Web App and API Protection overview
OVERVIEW
F5 Distributed Cloud Web App and API Protection overview
Gartner® Market Guide for cloud web application and API protection
REPORT
Gartner® Market Guide for cloud web application and API protection
F5 rated as a top performer in the 2024 Cloud WAAP CyberRisk Validation Report by SecureIQLab
REPORT
F5 rated as a top performer in the 2024 Cloud WAAP CyberRisk Validation Report by SecureIQLab

Application security and protection

Protect applications from vulnerabilities and threats with comprehensive security strategies. Learn best practices for safeguarding web apps, mobile platforms, and digital infrastructures against evolving attacks.

What is application security?
GLOSSARY
What is application security?
What is cybersecurity?
GLOSSARY
What is cybersecurity?
Dynamic application security testing (DAST)
GLOSSARY
Dynamic application security testing (DAST)
What is a web application firewall (WAF)?
GLOSSARY
What is a web application firewall (WAF)?
Top 10 web application security best practices
BLOG
Top 10 web application security best practices
How does a WAF mitigate vulnerabilities?
BLOG
How does a WAF mitigate vulnerabilities?
7 critical capabilities for mobile app security: Protecting your digital frontier
BLOG
7 critical capabilities for mobile app security: Protecting your digital frontier
F5 Web Application Firewall (WAF) integration with AWS is available today
BLOG
F5 Web Application Firewall (WAF) integration with AWS is available today
Strengthen AWS WAF against critical application threats
BLOG
Strengthen AWS WAF against critical application threats
Q2: How F5 helps protect our financial services platform
BLOG
Q2: How F5 helps protect our financial services platform
Extend and modernize application protection with WAAP solutions
BLOG
Extend and modernize application protection with WAAP solutions
2025 state of AI application strategy report: AI readiness
REPORT
2025 state of AI application strategy report: AI readiness
F5 named a leader in the KuppingerCole Leadership Compass 2024 for web application
REPORT
F5 named a leader in the KuppingerCole Leadership Compass 2024 for web application
F5 listed among leaders in KuppingerCole Leadership Compass 2024 for WAF
BLOG
F5 listed among leaders in KuppingerCole Leadership Compass 2024 for WAF
Web app and API protection (WAAP) buying guide
BUYING GUIDE
Web app and API protection (WAAP) buying guide
Get started with F5 Distributed Cloud WAF
DEMO
Get started with F5 Distributed Cloud WAF
F5 hybrid security architectures: One WAF engine, total flexibility (intro)
TECHNICAL ARTICLE
F5 hybrid security architectures: One WAF engine, total flexibility (intro)

Application security testing

Ensure application resilience with effective, continuous security testing practices. Learn to identify vulnerabilities, streamline testing efforts, and validate protections of web applications to better safeguard against evolving threats.

Web application security testing tools
BLOG
Web application security testing tools
Web app scanning across your organization's domain
ASSESSMENT
Web app scanning across your organization's domain
Stay secure: Embrace continuous testing for modern web applications
WEBINAR
Stay secure: Embrace continuous testing for modern web applications
What is a web application firewall (WAF)?
GLOSSARY
What is a web application firewall (WAF)?
How to pen test the c-suite for cybersecurity readiness
LABS
How to pen test the c-suite for cybersecurity readiness
Web shells: Understanding attackers’ tools and techniques
LABS
Web shells: Understanding attackers’ tools and techniques
Mitigate application security vulnerabilities
SOLUTION
Mitigate application security vulnerabilities

Cloud application security

Protect cloud-based applications with advanced security measures tailored for hybrid cloud and multicloud environments. Learn strategies to secure modern apps, prevent attacks, and ensure compliance across platforms.

Crawford & Company accelerates cloud migration with F5
CASE STUDY
Crawford & Company accelerates cloud migration with F5
F5 and Google Cloud secure adaptive applications
BLOG
F5 and Google Cloud secure adaptive applications
Power your application modernization journey with Google Cloud and F5
BLOG
Power your application modernization journey with Google Cloud and F5
Securely modernize Kubernetes apps with F5 and Google Cloud
BLOG
Securely modernize Kubernetes apps with F5 and Google Cloud
Application security for a hybrid and multi-cloud digital world
WEBINAR
Application security for a hybrid and multi-cloud digital world
Key concepts for securing cloud applications
WEBINAR
Key concepts for securing cloud applications
Application security
TECHNICAL KNOWLEDGE
Application security

Penetration testing

Proactively identify vulnerabilities with automated pen testing strategies. Learn to simulate real-world attacks, assess system weaknesses, and fortify security to prevent breaches.

Web application security testing tools
BLOG
Web application security testing tools
API security checklist: Best practices, testing, and NIST
BLOG
API security checklist: Best practices, testing, and NIST
Stay secure: Embrace continuous testing for modern web applications
WEBINAR
Stay secure: Embrace continuous testing for modern web applications
F5 Distributed Cloud Web App Scanning
PRODUCT
F5 Distributed Cloud Web App Scanning
Web app scanning across your organization's domain
ASSESSMENT
Web app scanning across your organization's domain
How to pen test the c-suite for cybersecurity readiness
LABS
How to pen test the c-suite for cybersecurity readiness

Supply chain attacks

Guard against supply chain attacks that target software and hardware vulnerabilities. Learn strategies to secure dependencies, manage risks, and protect operations from upstream threats.

Supply-chain hacks and hardware’s role in security
BLOG
Supply-chain hacks and hardware’s role in security
The move to modernize ops will increase the need for software supply chain security
BLOG
The move to modernize ops will increase the need for software supply chain security
JavaScript supply chain risks & how to stop them
WEBINAR
JavaScript supply chain risks & how to stop them
Attacks against domain specific languages, EU cybersecurity laws, & supply chain attacks
SECURITY INSIGHTS
Attacks against domain specific languages, EU cybersecurity laws, & supply chain attacks
GitLab vulnerability, secure by design pledge, & near miss supply chain attack
SECURITY INSIGHTS
GitLab vulnerability, secure by design pledge, & near miss supply chain attack
Supply chain | OWASP top 10 for LLM applications guide (2025)
OPERATIONS GUIDE
Supply chain | OWASP top 10 for LLM applications guide (2025)

Vulnerability management

Effectively manage vulnerabilities to reduce risk and enhance security. Learn to identify, prioritize, and remediate weaknesses across systems, applications, and infrastructure.

Application security vulnerability mitigation
SOLUTION GUIDE
Application security vulnerability mitigation
Red team tools reveal gaps in vulnerability management practice
LABS
Red team tools reveal gaps in vulnerability management practice
Managing vulnerabilities
TECHNICAL FORUM
Managing vulnerabilities
Prioritizing vulnerability management using machine learning
TECHNICAL ARTICLE
Prioritizing vulnerability management using machine learning
Overview of the F5 security vulnerability response policy
POLICY
Overview of the F5 security vulnerability response policy
Deliver and Secure Every App
F5 application delivery and security solutions are built to ensure that every app and API deployed anywhere is fast, available, and secure. Learn how we can partner to deliver exceptional experiences every time.
Connect With Us
Attack Surface Management (ASM) Learning Resources | F5