Many people in the information security field strongly suspected that government eavesdropping was pervasive. But Edward Snowden’s leaks about the NSA and programs such as PRISM have thoroughly confirmed these suspicions. The latest NSA proposals to the White House (reported by The Washington Post) for a “front door” to our mobile devices have let us know that these and other agencies are unrelenting in their efforts to compromise our privacy. Government agencies are not alone in their desire to eavesdrop. The so-called Superfish root certificate installed on Lenovo laptops enabled pervasive sniffing by adware networks. These eavesdropping mechanisms, even on…
Author: Brian A. McHenry
Almost seven years ago, I sat in a steakhouse in Manhattan listening to Jeremiah Grossman of WhiteHat Security hold forth on the serious nature of web application security and how Web Application Firewalls (WAF) could help improve vulnerability remediation rates. Inspired, I set out evangelizing the benefits of WAF for providing another layer of input and protocol validation, thus enabling terminally vulnerable web applications to be protected from their own flaws. Many IT organizations met this recommendation with either confusion (What’s a SQL injection?) or disbelief (Why would someone try to do that?). Often, the former audience was the network engineering…
In the onward rush to software-defined things in the cloud, it seems the concept of network function virtualization (NFV) is beginning to catch up with the more mature (and some might say commoditized) server and application virtualization technologies. With NFV reaching stages of maturity, and controller solutions emerging from seemingly every vendor, what’s holding back the full-on adoption of Software-Defined Networking (SDN)? Well, there is a missing link in the chain, namely security. The promise of SDN is the ability to define data paths via the network that are optimized for scale and efficiency. Tried and true technologies such as routing…
Brian A. McHenry of F5 Networks discusses how security is beginning to match availability and performance when it comes to application delivery.
Brian A. McHenry of F5 Networks discusses how the ratification of both HTTP 2.0 (HTTP/2) and TLS 1.3 will disrupt the Internet in 2015.
Brian A. McHenry of F5 Networks discusses how corporate networks must be as reliable as the SSL encrypting them.
If web application security is hard, then we must find ways to be practical in our approach.
UX is often mentioned in the context of a User Interface (UI), but only recently has UX become a topic of conversation in security circles.
Brian McHenry discusses the pitfalls and effectiveness of encryption methods used for internet traffic.