F5 : Securing GraphQL APIs with F5 Advanced WAF

08/31/2021 | 01:12pm EDT
State of the APIs

Over the past several years, many organizations have been going through a digital transformation, a process which has accelerated due to the COVID-19 pandemic.

And APIs are playing a significant role in that transformation. As part of their digital transformation, many of those same organizations are now stating that they are an 'API-First' organization. An 'API-First' organization is one that begins designing an application by designing its APIs first. Then, using the APIs as the foundation, it designs the remainder of the application. The intent is that the application will leverage its foundational APIs to communicate with and retrieve information from other applications.

These organizations are usually developing APIs and consuming them to support their partnerships with external organizations, reduce their development time and cost, and enhance interoperation between internal systems, tools, and teams.

As stated in F5 Labs' State of Application Strategy Report 2021, APIs are also the cornerstones for application modernization, being leveraged to assist in the adaptation and updating of older, classic applications to support newer, more modular application languages, tools, and platforms. Also, APIs - both good and bad ones - now account for the vast majority of total web traffic.

That's the first edge of the 'double-edged sword' of APIs.

The second edge of the 'double-edged sword' regarding APIs is that, according to Gartner, API abuses will become the most frequent attack vector by 2022. Attackers realize that APIs can be vulnerable or are even left unprotected by some organizations, as they rely upon an open flow of data and information to be shared between their application and other applications. Other times, it's simply an oversight, but one that allows attackers a quick, simple entry point to compromise an application. This situation requires special treatment, such as native support of all API protocols and technologies used by the industry.

GraphQL APIs

One relatively new API technology that has grown quickly in the past few years and is continuing to gain traction is GraphQL. Internally developed by Facebook in 2012, now a part of the Linux Foundation, GraphQL is overcoming significant challenges that exist in REST APIs. Organizations are turning to GraphQL to develop APIs, as opposed to REST or SOAP.

Such challenges include under-fetching and over-fetching of data. GraphQL also brings faster front-end development without the need for new API endpoints (GraphQL uses one endpoint), great backend analytics using GraphQL queries, and a structured schema and type system.

Last year, GraphQL already attained more than 22% industry adoption[1], reaching Innovators, Early Adopters, and the Early Majority of the Innovation Adoption Lifecycle.

GraphQL is expected to become one of the leading standards for APIs in the years to come.

GraphQL Security

However, the meteoric growth and acceptance of GraphQL has also quickly drawn the attention of cyber adversaries, some of whom have already started exploiting vulnerabilities in the GraphQL ecosystem and have begun developing tools to attack them.

Attack techniques on APIs using GraphQL include good old SQL injections, as well as newly formed attacks that are leveraging the GraphQL specification to reveal data about the API and use it to the attacker's advantage.

In addition, new methods for denial of service (DoS) attacks have been introduced that leverage GraphQL-built APIs and quickly drain server resources.

Starting with Advanced WAF v16.1, F5 now natively supports security for GraphQL APIs.

First and foremost, F5 has developed native parsing of GraphQL traffic to allow Advanced WAF Attack Signatures to be applied.

On one hand, this approach will detect attacks in the right places of the payload (run the signatures on the values); and on the other hand, this approach will stop false positives due to attack signatures running on the wrong parts of GraphQL requests.

Second, F5 creates the GraphQL policy template and content profile as a part of the Application Security Policy.

In this new content profile, the user can configure the total length and value length of parameters, limiting them according to their policy.

In addition, the user can configure the maximum structure depth, eliminating recursive GraphQL queries that can lead to a DoS attack, and the maximum batched queries, limiting the number of different GraphQL queries in one HTTP request.

Enforcement can also be applied to introspection queries, which can otherwise aid attackers in understanding the API structure and enable them to be more successful in breaching an app.
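
The limits this section lists (total length, value length, structure depth, batched queries, introspection) can be illustrated with a small request pre-filter. This is an added example, not F5's implementation or configuration syntax; the limit names and values, `scan_query` and `check_request` are hypothetical, and string values are measured but never parsed as structure.

```python
import json
import re

# Hypothetical limits, named after the content-profile settings in the article.
LIMITS = {"total_len": 2000, "value_len": 32, "depth": 4, "batch": 2, "introspection": False}
# GraphQL tokens we care about: string literals, comments, braces, names.
TOKEN = re.compile(r'"""(?:.|\n)*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*|[{}]|[_A-Za-z]\w*')

def scan_query(query):
    """Return (max brace depth, longest string value, introspection seen)."""
    depth, max_depth, longest, introspection = 0, 0, 0, False
    for tok in TOKEN.findall(query):
        if tok.startswith('"'):            # a value: measure it, never parse it
            quotes = 3 if tok.startswith('"""') else 1
            longest = max(longest, len(tok) - 2 * quotes)
        elif tok == "{":
            depth += 1
            max_depth = max(max_depth, depth)
        elif tok == "}":
            depth -= 1
        elif tok in ("__schema", "__type"):  # introspection entry points
            introspection = True
    return max_depth, longest, introspection

def check_request(body, limits=LIMITS):
    """Return the sorted list of limits that one HTTP request body violates."""
    if len(body) > limits["total_len"]:
        return ["total length"]
    try:
        payload = json.loads(body)
    except ValueError:
        return ["malformed JSON"]
    ops = payload if isinstance(payload, list) else [payload]  # list = batch
    found = set()
    if len(ops) > limits["batch"]:
        found.add("batched queries")
    for op in ops:
        query = op.get("query") if isinstance(op, dict) else None
        depth, longest, introspection = scan_query(query if isinstance(query, str) else "")
        if depth > limits["depth"]:
            found.add("structure depth")
        if longest > limits["value_len"]:
            found.add("value length")
        if introspection and not limits["introspection"]:
            found.add("introspection")
    return sorted(found)

# Constructed sample: braces and "__schema" inside a string value are data, not structure.
SAMPLE = json.dumps({"query": '{ user(name: "__schema {{{{{{") { id } }'})
```

Depth is counted on braces as written in the query text, so fragment spreads are not expanded and input-object braces count toward the limit.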

Disclaimer

F5 Networks Inc. published this content on 31 August 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 31 August 2021 17:11:03 UTC.


© Publicnow 2021