In this report, sponsored by F5 Labs, we take a step back and examine the universe of vulnerabilities (defined by the CVE) and how it’s changed in the last 20 years. As you will see, we will find some surprising things along the way.

The 2020 edition of this annual report reviews five years of phishing events from F5’s Security Operations Center. This data is supplemented with active and confirmed phishing sites from Webroot and darkweb market data from Vigilante for a broad view of the volume and techniques of phishing activity.

For the sixth annual State of Application Services survey, F5 heard from nearly 2,600 respondents globally— across a range of industries, company sizes, and roles—about the challenges and opportunities presented by the ongoing process of digital transformation. Their responses provide a unique view of the trends shaping the application landscape and how organizations around the world are transforming to meet the ever-changing demands of the digital economy.

The second annual application protection report (APR) from F5 Labs combines data from F5’s global customer base with network telemetry from Baffin Bay to catalog and analyze the major threats facing application security practitioners. Includes recommendations for appsec professionals.

F5’s third annual report, partnering with Webroot and the F5 SOC, on phishing and fraud trends.

Overview of deployment of TLS encryption in the general internet and Alex Top 1000 sites.

This report from F5 offers insights into key data regarding application services in the Americas.

From the report, “For our fifth annual survey, we asked nearly 2,000 respondents globally across a range of industries, company sizes, and roles—about the challenges and opportunities presented by the ongoing process of digital transformation. This survey provides a uniquely comprehensive analysis of the trends shaping the application landscape—and how IT organizations are transforming to meet the ever-changing demands of the digital economy.”

F5 Labs, in conjunction with our data partner Loryka, has been tracking “The Hunt for IoT” for two years. We have focused our hunt primarily around port 23 telnet brute force attacks—the “low-hanging fruit” method—as they are the simplest, most common way to compromise an IoT device. (Telnet was also the most prominent attack type when we started this research series.)

In this report, they examine that series of interacting tiers—application services, application access, Transport Layer Security (TLS), domain name services (DNS), and the network—because each one is a potential target of attack.