burger menu
F5 Labs 2018 Application Protection Report

F5 Labs 2018 Application Protection Report

    Add to bookmarks

This study on application security found that a large percentage of companies don't have much confidence in their ability to monitor all their applications. 

This report includes the analysis of 301 breaches in 2017 and Q1 2018 and revealed that web application attacks were the main cause of all reported breaches. Previous research conducted by F5 Labs into 433 major breach cases spanning 12 years and 26 countries revealed that applications were the initial targets in 53% of breaches.

According to the study, the highest percentage of breach reports for the first quarter of 2018 were web injections that took away card information from payments.

Besides, the main three main barriers to having a strong application security posture which is mentioned in this paper were the following: “lack of visibility in the application layer,” “lack of skilled or expert personnel,” and “migration to the cloud environment.” The first and third answers, the report notes, are can be solved with scanning, monitoring, and collaboration with the development team.

Besides, web application firewalls were mentioned as the top way of having secure applications. Application scanning and penetration testing were also mentioned. 

The report also notes that with the average company using 765 different web applications, outsourcing of application security is likely to grow in the near future.


Executive Summary 

What Apps Do We Use And Where Are They? 

How Could Application Attacks Aect My Organization? 

Am I Doing Enough To Protect My Apps? 

How Do I Compare With My Peers? Four Steps To Take To Protect Applications 

What Does The Future Of Application Protection Look Like?


Applications Are The Reason We Use The Internet 

What Is An App?

Application Services Tier 

Access Control Tier 

Transport Layer Security Tier 

Domain Name System Services Tier 

Network Tier

App Clients 

Threats At Each Tier 

How Are Apps Attacked? 

Web Application Attacks 

Application Infrastructure Attacks 

Denial-Of-Service Attacks 

Client Attacks 

What Happens To An Organization When Apps Are Attacked? 

Analyzing Applications For Risk 

How Much Does An Attack Hurt? What Are The Impacts? 

Web Application Attacks 

Top Breaches Involving Application Services 

Application Attacks 

Exploits Involving Web Application Services 

Top Attacks Involving Application Services 

Injection Attacks 

Account Access Hijacking 

Deserialization Attacks 

Advanced Persistent Threats To Applications 

App Infrastructure Attacks 

Attacks Against Transport Layer Protection 

Compromised Certificates 

Domain Name Services Hijacking 

Denial-Of-Service Attacks 

Client Attacks

Scripting Attacks To Hijack Access

Cross-Ite Request Forgery Attacks

Malware Attacks Against App Clients 

Application Protection Report 2018

Protecting Applications 

How Is Application Security Managed? 

How Are Application Vulnerabilities Handled?

What Security Controls Are In Place?

An Application Defense Strategy 

Understand Your Environment 


External Applications

Reduce Your Attack Surface 

Segregate And Partition 

Prioritize Defenses Based On Risk 

Know The Risk Of Your Code 

Select Flexible And Integrated Defense Tools 

Integrate Security Into Development 

Protecting Domain Name System Services 

Protecting The Transport Layer 

Protecting Against Ddos 

Protecting Your App Clients 

Protecting Your Customers’ App Clients  

Overview Of Attack Types And Defense Tools 

The Future Of App Protection 

Application Security 

Serverless Computing And Applications 

Outsourcing More Of Application Security 

Future Challenges For Transport Layer Security 

Conclusions And More Questions 100

Appendix 101 

Literature Review 

Table Of Figures 


Application Protection Report 2018



Researchfinder Rating
4 out of 5 stars
F5 Labs 2018 Application Protection Report
July 25, 2019
Ray Pompon


Number of Pages
Number of Tables
Number of Exhibits
application security, application software, authentification, cyber security, F5, malware, security
Ray Pompon
F5 Labs examined data from several sources, including internal datasets, WhiteHat Security vulnerabilities, Loryka attack data, and a Ponemon security survey commissioned by F5.

This is an insightful and in-depth report on application security.


  • Understandable language
  • Understandable conclusions
  • Nice layout
  • Great tables and graphics


Similiar Reports

Internet Trends 2019


2019 Global eCommerce Fraud Management Report


Good Practices for Security of Internet of Things