chronicles
The DevCentral Chronicles Volume 1, Issue 4
If you missed our initial issues of the DC Chronicles, you can catch up with the links at the bottom. The Chronicles are intended to keep you updated on DevCentral happenings and highlight some of the cool content you may have missed since the last issue. Welcome!

Like last month, we’re digging the OWASP Top 10 #Lightboard series from @JohnWagnon. He wrapped it up this month with numbers 9 & 10 - Using Components With Known Vulnerabilities and Insufficient Logging and Monitoring. To give you a sense of how these have been received, YouTube viewer Sanket Kamath says, ‘Thank you for the excellent overview for all of the OWASP Top 10 2017! John made it really easy to understand each of the 10 attacks with his explanation!’ Check out the entire playlist!

Speaking of LightBoard Lessons, we had a few fantastic ones this past month. John took on lighting up the GitHub DDoS Attack and Explaining the Spectre and Meltdown Vulnerabilities while Jason gave us the OSI and TCP/IP Models and What Are Containers? I added SAML IdP and SP on One BIG-IP to round out our videos.

On the Security front, we had a bunch of great articles covering a mess, and I mean a mess of stuff. The mess was some new vulnerabilities and our Security Researchers had the mitigations for many including Spring Framework Spring-Messaging Remote Code Execution (CVE-2018-1270), Drupal Core SA-CORE-2018-002 Remote Code Execution Vulnerability and Jackson-Databind - A Story of Blacklisting Java Deserialization Gadgets. We also learned how to Protect your AWS API Gateway with F5 BIG-IP WAF, how to configure F5 BIG-IP as an Explicit Forward Web Proxy Using Secure Web Gateway (SWG) and how to set up ADFS Proxy Replacement on F5 BIG-IP.
The Cloud folks will love Lori’s Three Types of Load Balancing You Meet in the Cloud, DNS Admins will dig Eric’s Unbreaking the Internet and Converting Protocols and Coders will enjoy Jason’s Debugging API calls with the python sdk and Satoshi’s iControl REST Fine-Grained Role Based Access Control.

And, we couldn’t let this Chronicle pass without mentioning an awesome @haveibeenpwned #Pwned Passwords Check #CodeShare from MVP Niels van Sluis. This snippet makes it possible to use @troyhunt ‘Pwned Passwords’ API to check if the password has been exposed. See it here: http://bit.ly/2GOhi1y

And wrapping up, a wonderful contributor Daniel Varela is DevCentral's Featured Member for April and F5 Agility is coming to Boston, MA this August!

As always, you can stay engaged with @DevCentral by following us on Twitter, joining our LinkedIn Group or subscribing to our YouTube Channel. Look forward to hearing about your BIG-IP adventures.

ps

Previous: Volume 1, Issue 1; Volume 1, Issue 2; Volume 1, Issue 3

The DevCentral Chronicles Volume 1, Issue 3
If you missed our initial issues of the DC Chronicles, catch up on January Issue 1 and February Issue 2. The Chronicles are intended to keep you updated on DevCentral happenings and highlight some of the cool content you may have missed over the last month. Welcome!

Kicking off this issue is the OWASP Top 10 and the #Lightboard series from @JohnWagnon. Not to be confused with Matthew McConaughey, John recently dropped numbers 6-7-8 of the Top 10. He lights up Security Misconfiguration, Cross Site Scripting and Insecure Deserialization this time around and we have a YouTube Playlist to catch them all. Great series and only two more to go!

One of the most popular articles over the last couple of weeks was @dholmesf5's The Top Ten Hardcore F5 Security Features in BIG-IP 13! Always a fun read, David dives into some of the coolest security functionality in BIG-IP v13 along with sharing some personal stories. David is a master at weaving in personal plight with information security so don’t miss it.

Have you jumped on the #SuperNetOps bandwagon yet? Wondering how it can help you move into the #DevOps realm? We have a section dedicated to Super NetOps and recently, @JasonRahm added a FAQ to help you get past the hump.

We’ve also posted a couple of mitigations for some recent vulnerabilities. Security researcher Gal Goldshtein shares how to mitigate the Oracle Tuxedo "JOLTandBLEED" vulnerability (CVE-2017-10269) along with the Jenkins Unsafe Deserialization Vulnerability (CVE-2017-1000353). Gal offers step-by-step instructions on how to set it up on BIG-IP ASM. Also for ASM this month, Nir Ashkenazi shared a couple of new Ready Templates, one for SharePoint 2016 and one for Drupal 8. Both help you simplify the configuration process and secure those applications.
Rounding out this issue of the Chronicles, Robbie Stahl covers BIG-IP VE on VMware for Custom Properties and an Ansible Deployment; I write up some goodness on F5’s Application Connector; and Hannes Rapp is our Featured Member for March. Hannes is an Independent F5 Engineering Consultant focusing on BIG-IP ASM and LTM. According to Hannes, 'if you combine these two modules, you have the best of F5 product portfolio. One without another is incomplete BIG-IP.' We wouldn’t argue that.

As always, you can stay engaged with @DevCentral (and watch how we create our LightBoard Lessons), join our LinkedIn Group or subscribe to our YouTube Channel. Look forward to hearing about your BIG-IP adventures.

ps