Can F5 help with the vulnerability in WAZE social-traffic app?

Question

Method: Man-in-the-middle HTTPS Proxy.
Ability: Create ghost cars to receive real driver's location broadcast when driving. Create a fake traffic jam. 
Researchers pointed out WAZE servers did not detect anomaly when in a short period of time, many "cars" were created.&nbsp;
Details of vulnerability: http://fusion.net/story/293157/waze-hack/&nbsp;
Welcome any of your thoughts and insights.
It seems like web security is more obvious and easier to protect than application security/server-to-server communications. &nbsp;

yann_desmarest · Answer

Hello,&nbsp;
From what I understand on the attack, you can use rate limiting feature. You can also mitigate this vulnerability by using the DDoS feature from the ASM module that is anomaly based, source IP based or URL based detection. Or, you can write and deploy an irule that do intelligent rate limiting.&nbsp;

Forum Discussion

Can F5 help with the vulnerability in WAZE social-traffic app?

1 Reply

Recent Discussions

F5 Access Guard Deprecated: ZTA APM

Inquiry on F5's Maintenance Mode Feature for Pool Members

ASM Bot Defense JS and CSP

iRule interpretation assistance

CWE-20: Improper Input Validation

Related Content

Coordinated Vulnerability Disclosure: A Balanced Approach

OWASP Automated Threats - OAT-014 Vulnerability Scanning

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Vulnerability CVE-2023-45648 in ApacheTomcat

Re: Mitigation of OWASP API6: 2019 Mass Assignment vulnerability using F5 Distributed Cloud Platform