The DevCentral Chronicles Volume 1, Issue 3
If you missed our initial issues of the DC Chronicles, catch up on January Issue 1 and February Issue 2. The Chronicles are intended to keep you updated on DevCentral happenings and highlight some of the cool content you may have missed over the last month. Welcome!
Kicking off this issue is the OWASP Top 10 and the #Lightboard series from @JohnWagnon. Not to be confused with Matthew McConaughey, John drops numbers 6-7-8 of the Top 10 recently. He lights up Security Misconfiguration, Cross Site Scripting and Insecure Deserialization this time around and we have a YouTube Playlist to catch them all. Great series and only two more to go!
One of the most popular articles over the last couple weeks was @dholmesf5 The Top Ten Hardcore F5 Security Features in BIG-IP 13! Always a fun read, David dives in to some of the coolest security functionality in BIG-IP v13 along with sharing some personal stories. David is a master at weaving in personal plight with information security so don’t miss it.
Have you jumped on the #SuperNetOps bandwagon yet? Wondering how it can help you move into the #DevOps realm? We have a section dedicated to Super NetOps and recently, @JasonRahm added a FAQ to help you get past the hump.
We’ve also posted a couple mitigations to some recent vulnerabilities. Security researcher Gal Goldshtein shares how to mitigate the Oracle Tuxedo "JOLTandBLEED" vulnerability (CVE-2017-10269) along with the Jenkins Unsafe Deserialization Vulnerability (CVE-2017-1000353). Gal offers step-by-step instructions on how to set it up on BIG-IP ASM. Also for ASM this month, Nir Ashkenazi shared a couple new Ready Templates, one for SharePoint 2016 and one for Drupal 8. Both help you simplify the configuration process and secure those applications.
Rounding out this issue of the Chronicles has Robbie Stahl covering BIG-IP VE on VMware for Custom Properties and an Ansible Deployment; I write up some goodness on F5’s Application Connector; And, Hannes Rapp is our Featured Member for March. Hannes is an Independent F5 Engineering Consultant focusing on BIG-IP ASM and LTM. According to Hannes, 'if you combine these two modules, you have the best of F5 product portfolio. One without another is incomplete BIG-IP.' We wouldn’t argue that.
As always, You can stay engaged with @DevCentral (and watch how we create our LightBoard Lessons), join our LinkedIn Group or subscribe to our YouTube Channel. Look forward to hearing about your BIG-IP adventures.
ps