DevCentral Top 5: Dec 15, 2014

It's the most wonderful time of the year, and it's the most wonderful content on DevCentral.  Our DevCentral authors never disappoint, and this edition of the Top 5 is sure to please again.  Sit back, grab another shot of egg nog, and enjoy the great articles that consistently grace the pages of this community.

 

Snippet #3: LineRate and Response Header Modification

Madhu Rajagopal serves up a festive holiday treat with this little LineRate beauty.  He points out that many web servers and applications set response headers that reveal software versions and technology type.  For example, a server response header might include information like "Apache/2.4.7 (Ubuntu)".  This gives would-be attackers a great starting point to begin their nefarious behavior against your web application...they know exactly what software and version you are running, so they can pinpoint vulnerabilities to exploit.  Using a few lines of LineRate code, you can remove the "Server" field and "X-Powered-By" field so as to not disclose sensitive and unnecessary information.  Thanks for keeping us safe, Madhu!

 

To Comment or Not to Comment?

That is the question.  And Jason Rahm gives us the answer.  We've all been taught to document our code, but some have claimed that adding comments are a veiled admission of a programmers lack of ability of expression.  "How can I improve this code so that this comment isn't needed?" said Steve McConnell.  Be that as it may, many programmers understand the need to add comments to their code.  Jason does a great job of explaining the various syntactical approaches for commenting iRules, and he even points out best practices that will prove useful as you enjoy the Tcl experience.  Feel free to #comment on his article and add tell Jason what you think about code documentation.

 

Mobile banking and how to stay secure

Gary Newe hits a home run with this very relevant and timely article.  When you think about web applications and security, online banking always makes the list.  For good reason, banks and other financial institutions put a great deal of emphasis on security, but if the user experience becomes too slow and cumbersome, customers might be inclined to take their business (and money) elsewhere.  Certainly, you want to find a good balance between usability and security.  Gary reminds us that it's best to forget the end device and concentrate on protecting the data that flows across the network.  An additional, transparent layer of protection away from the device increases security for the business without impacting the usability of the application.

 

MASS Cross-Site Defacement

Ilya Chernyakov discusses the details of recent defacement attacks on many major websites.  F5's security team examined the issue and found that the attack was much simpler than initially expected.  The attackers took advantage of a popular customer identity platform called "GIGYA" to add an image of the Syrian Electronic Army (SEA) to these unsuspecting sites.  The attackers used social engineering techniques to log in to the GIGYA account on GoDaddy.com and then changed the DNS record to point to their webservers which contained a hostile JavaScript file that shows a popup window and a picture of the SEA banner.  Very interesting stuff...this one is a must see!

 

Node.js ABC’s - D is for Debugger

Joe Pruitt is nothing if not totally awesome.  This is the guy who invented iControl and wrote the iRule editor.  Simply put, when Joe speaks, we listen!  Joe has embarked on a "journey through the alphabet" to help us all learn about Node.js.  In this article, Joe reminds us that a good debugging tool is essential for making sure your code is functioning as expected.  Node.js is built on the JavaScript engine "V8" built for Google Chrome, and V8 includes an extensive debugging system.  Joe walks through the built-in console debugger and lists the various commands you will need when debugging your code.  He also discusses some third party solutions if you don't want to debug using the console.  Stay tuned for more excitement as Joe walks through the alphabet of Node.js awesomeness!

 

Published Dec 16, 2014
Version 1.0

Was this article helpful?

No CommentsBe the first to comment