Application Infrastructure Protection Home > Solutions > Application Infrastructure Protection

App Security→Application Infrastructure Protection

App infrastructure protection defends the systems that applications depend on. Preventing attacks on TLS, DNS, and the network is critical to keeping your apps secure and available.

Top image
Bottom image
Key Disclosure Certificate Spoofing
The keys used to decrypt confidential data and establish authenticity are the highest value assets in the security infrastructure. Like credentials, keys provide access to an app or network, as well as data encrypted at rest or in transit. Key material can be exposed in a variety of ways: by attackers gaining access to the systems that host the key material, by accidentally “leaking” the key in a backup or low-security data repository, or via an exploit like Heartbleed. High-security environments typically use specialized hardware key storage (for example, FIPS 140) to protect keys from key disclosure. Digital certificates (also known as SSL certificates) provide secure, encrypted communications between a website and its users, decreasing the risk of sensitive information (such as login credentials or credit card numbers) being tampered with or stolen. Certificates are issued to organizations by trusted certificate authorities (CAs) to verify the identity of the organization’s website to users. (Think of it as the equivalent of a passport or driver’s license.) Certificate spoofing occurs when an attacker presents a fake digital certificate on a malicious website. This can lead to unsuspecting users trusting a malicious website or imposter app, making them vulnerable to malware infection, man-in-the-middle attacks, or stolen credentials.
Protocol Abuse Session Hijacking
Protocols have defined purposes and uses, such as port 443 for HTTPS or encrypted web traffic. Attackers can abuse these by using a known protocol, which a traditional firewall may allow through, as a covert channel to transfer stolen data or issue commands to malware inside a network. When attackers send non-HTTPS traffic across defined ports (or any other port that isn’t intended for use by non-HTTPS traffic), it’s known as protocol abuse.
When an attacker successfully obtains or generates an authentication session ID, it’s session hijacking. The attacker uses captured, brute-forced, or reverse-engineered session IDs to take control of a legitimate user’s web application session while the session is still in progress.



SSL/TLS enables businesses to securely communicate with customers and partners. Problem is, SSL/TLS can also function as a tunnel that attackers use to hide attacks and malware from security devices. Inspection devices like a next-gen firewall, an IDS/IPS, or a malware sandbox don’t see into encrypted SSL/TLS traffic or suffer degraded performance when decrypting. F5 SSL Orchestrator easily integrates into complex architectures and offers a centralized point for decryption and re-encryption while strategically directing traffic to all the appropriate inspection devices.


Attackers and security researchers are constantly trying to find new ways to break today’s popular methods of encrypting data-in-transit. Often, a flaw in the protocol design, a cipher, or an underlying library is the culprit. Our solution provides for centralized management of your TLS configuration which enables better application performance and allows seamless flexibility in updating your TLS configurations as needed.


DNS hijacking attacks threaten the availability of your applications. They can even compromise the confidentiality and integrity of the data if customers are tricked into using a bogus application. With the F5 DNS security solution, you can digitally sign and encrypt your DNS query responses. This enables the resolver to determine the authenticity of the response, preventing DNS hijacking as well as cache poisoning.


A DNS flood, including the reflection and amplification variations, disable or degrade a web application's ability to respond to legitimate traffic. These attacks can be difficult to distinguish from normal heavy traffic because the large volume of traffic often comes from several unique locations, querying for real records on the domain, mimicking legitimate traffic. The F5 DNS DDoS solution can stop these attacks by scaling up to process more requests per second when necessary.


Many firewalls and IPS solutions do not address the more modern threats to DNS infrastructure, like DNS tunneling. Managing DNS attack vectors like DNS tunneling requires inspection of the entire DNS query for deeper markers of either good or bad behavior without disrupting service performance.

Contact Us
Phasellus placerat rutrum tristique. In hacse platea dictumst.
Harbour Centre 25 Harbour Road Wanchai Hong Kong