Press Releases Archive   Search Press Releases
Press Release

F5 Networks' TrafficShield Application Firewall Protects Against Common Application Security Attacks

Stringent third-party testing measures TrafficShield against the industry's de facto standard for web application security; verifies that it provides solid protection

F5 Networks, Inc. (NASDAQ: FFIV), the global leader in Application Traffic Management, today announced that Aspect Security, a leading application security services provider, has tested F5's TrafficShield web application firewall and found that it meets its expectations for a web application firewall. The tests were based on the OWASP (Open Web Application Security Project) Top Ten list of application vulnerabilities, which serves as the industry's de facto standard for measuring web application security. In the tests, TrafficShield was used to protect WebGoat, a J2EE application created by OWASP that contains built-in security flaws and is used both to test security products and as a security education tool.

"Web application firewalls can provide significant protection for both internal and external facing applications," says Jeff Williams, CEO of Aspect Security, and one of the original authors of OWASP's Top Ten list. "Traditional network firewalls can't do the job: you need a device that's specifically designed to protect against web application vulnerabilities. Our testing showed that F5's TrafficShield product significantly reduces the risk associated with common web application security attacks."

The OWASP Top Ten list consists of the following web application security vulnerabilities:

  • Invalidated input
  • Broken access control
  • Broken authentication and session management
  • Cross-site scripting (XSS) flaws
  • Buffer overflows
  • Injection flaws
  • Improper error handling
  • Insecure storage
  • Denial of service
  • Insecure configuration management

For more details about the test results, go to

"The market is inundated with all kinds of security solutions, which creates a lot of confusion for customers evaluating products," said Marty Jost, Director of Product Management and Marketing at F5 Networks. "Independent organizations like OWASP help customers cut through the clutter by providing standardized criteria by which they can carefully evaluate the proper solution. Aspect's testing of TrafficShield provides the market with another level of independent validation and ensures customers that their web applications are protected from the OWASP Top Ten attacks."

About F5 Networks

F5 enables organizations to successfully deliver business-critical applications and gives them the greatest level of agility to stay ahead of growing business demands. As the pioneer and global leader in Application Traffic Management, F5 continues to lead the industry by driving more intelligence into the network to deliver advanced application agility. F5 products ensure the secure and optimized delivery of applications to any user-anywhere. Through its flexible and cohesive architecture, F5 delivers unmatched value by dramatically improving the way organizations serve their employees, customers and constituents, while lowering operational costs. Over 9,000 organizations and service providers worldwide trust F5 to keep their businesses running. The company is headquartered in Seattle, Washington with offices worldwide. For more information go to

# # #

This press release may contain forward looking statements relating to future events or future financial performance that involve risks and uncertainties. Such statements can be identified by terminology such as "may," "will," "should," "expects," "plans," "anticipates," "believes," "estimates," "predicts," "potential," or "continue," or the negative of such terms or comparable terms. These statements are only predictions and actual results could differ materially from those anticipated in these statements based upon a number of factors including those identified in the company's filings with the SEC.