The DevCentral Chronicles Volume 1, Issue 4

If you missed our initial issues of the DC Chronicles, you can catch up with the links at the bottom. The Chronicles are intended to keep you updated on DevCentral happenings and highlight some of the cool content you may have missed since the last issue. Welcome!

Like last month, we’re digging the OWASP Top 10 #Lightboard series from @JohnWagnon. He wrapped it up this month with numbers 9 & 10 - Using Components With Known Vulnerabilities and Insufficient Logging and Monitoring. To give you a sense of how these have been received, YouTube viewer Sanket Kamath says, ‘Thank you for the excellent overview for all of the OWASP Top 10 2017! John made it really easy to understand each of the 10 attacks with his explanation!’ Check out the entire playlist!

Speaking of LightBoard Lessons, we had a few fantastic ones this past month. John took on lighting up the GitHub DDoS Attack and Explaining the Spectre and Meltdown Vulnerabilities while Jason gave us the OSI and TCP/IP Models and What Are Containers? I added SAML IdP and SP on One BIG-IP to round out our videos.

On the Security front, we had a bunch of great articles covering a mess, and I mean a mess of stuff. The mess was some new vulnerabilities and our Security Researchers had the mitigations for many including Spring Framework Spring-Messaging Remote Code Execution (CVE-2018-1270), Drupal Core SA-CORE-2018-002 Remote Code Execution Vulnerability and Jackson-Databind - A Story of Blacklisting Java Deserialization Gadgets.

We also learned how to Protect your AWS API Gateway with F5 BIG-IP WAF, how to configure F5 BIG-IP as an Explicit Forward Web Proxy Using Secure Web Gateway (SWG) and how to set up ADFS Proxy Replacement on F5 BIG-IP.

The Cloud folks will love Lori’s Three Types of Load Balancing You Meet in the Cloud, DNS Admins will dig Eric’s Unbreaking the Internet and Converting Protocols and Coders will enjoy Jason’s Debugging API calls with the python sdk and Satoshi’s iControl REST Fine-Grained Role Based Access Control.

And, we couldn’t let this Chronicle pass without mentioning an awesome @haveibeenpwned #Pwned Passwords Check #CodeShare from MVP Niels van Sluis. This snippet makes it possible to use @troyhunt ‘Pwned Passwords’ API to check if the password has been exposed. See it here: http://bit.ly/2GOhi1y
And wrapping up, a wonderful contributor Daniel Varela is DevCentral's Featured Member for April and F5 Agility is coming to Boston, MA this August!

As always, You can stay engaged with @DevCentral by following us on Twitter, joining our LinkedIn Group or subscribing to our YouTube Channel. Look forward to hearing about your BIG-IP adventures.

ps

Previous

• Volume 1, Issue 1
• Volume 1, Issue 2
• Volume 1, Issue 3

F5 Agility is coming to Boston, MA this August!

The DevCentral team will be at F5’s largest user conference to date! Will you?

Now's the time to register for F5 Agility 2018 in Boston, MA August 13-16. Early Bird registration knocks $300 off your registration fee!

What's F5 Agility all about?

Besides an opportunity to meet fellow community peers, solution partners, and F5 experts, we’ll have

Breakouts!
Breakout sessions at Agility focus on the latest technologies, applications, and architecture strategies. The technical breakout sessions at Agility range from beginner to advanced, enabling you to select classes that best meet your needs. Additionally, you can choose from sessions in multiple tracks or use the recommended learning paths to focus on specific areas that matter most to you. Last year we had 62 hours, this year we’re expanding to 150+ hours of technical breakouts, including dedicated Spanish-language sessions.

Sample learning paths:

• Application Security
• Application Delivery
• Access Management
• Service Provider
• Programmability
• Cloud Solutions
• Automation and Orchestration
• Super-NetOps

Labs!
We have expanded lab offerings to a total of 80 hands-on lab sessions. Our comprehensive 4- or 8-hour labs will address a wide variety of installation, troubleshooting, and networking technologies across a variety of environments. The instructor-led classes also provide an opportunity to gain valuable knowledge in preparation for F5 Certification exams.

New for 2018, Agility will have a room dedicated to self-paced labs that are shorter and/or more targeted. Attendees will have the opportunity to go through these labs at their own pace, with instructors available to assist with any questions. All self-paced labs will be available on a first-come, first-served basis.

Certifications!
Are you getting started? Already F5 Certified? We’ll have F5 Certification exams running throughout the week. Be sure to sign up in advance in order to guarantee your seat.

And you can Meet the Experts

If the structured programs still leave you wanting more, we will have experts available to answer questions at the DevCentral booth during the Solutions Expo hours, as well as two breakout rooms dedicated to walk-in help for iRules and all things Programmability. If you are not yet a member of DevCentral, you can sign up on-site.

Also at Agility 2018

Solutions Expo
The core of the conference, our Solutions Expo brings together the various aspects of the F5 ecosystem. Learn what works where with whom, and meet solutions experts from all avenues.

Geek Fest
Lab attendees get a chance to rub elbows with each other and presenters over food, drinks, and (sometimes unconventional) activities.

F5 Connects Women
Women leaders from both F5 and our partners join to discuss the perspectives women bring to tech, as well as the influence we can have when our potential is realized.

5K Fun Run
Grab your runners and discover Boston by foot on a beautiful, urban run through the city with fellow attendees. DevCentral’s own John Wagnon leads this one!

For more information on reserving your place, go to F5 Agility 2018

We look forward to seeing you in Boston!

DevCentral's Featured Member for April - Daniel Varela

Our Featured Member series is a way for us to show appreciation and highlight active contributors in our community. Communities thrive on interaction and our Featured Series gives you some insight on some of our most active folks.

Daniel Varela has been one of those engaged members and amassed 374 points in February alone! Answering bunches of questions about SAML, SSO, Cookies and more, we're proud to name Daniel as our Featured Member for April.

DevCentral: Hi Daniel and thanks for helping many of our members! Please explain to the DC community a little about yourself, what you do and why it’s important.

Daniel: I am an ADC/GSLB/WAF SME currently working for Centrica PLC. My job entails load balancing applications, availability and security. My work experience is mainly around network security. I chose to work in security because you never get bored of it, there is always something new to learn which is what I love. I have been actively working with F5 devices for the last 10 years. I still remember when I first heard about iRules, I was really impressed with the possibilities it provided. Additionally, with a BIG-IP you can learn about a lot of technologies: HTTP, TLS, DNS, SAML, OAuth, Web acceleration, Web Application Firewall… I am probably missing technologies here but you get the idea. This is one of the reasons I am working with F5, fun is guaranteed.

DC: You are a former F5 employee (2014-17) and continue to be a very active contributor in the DevCentral community. What keeps you involved?

DV: I have always thought (and I always say to my customers) that DevCentral makes a difference in respect to any other vendor. The amount of information someone can find there is incredible and if what you are looking for is not there you just have to ask, people from all around the world will help you to do whatever you want to do (event the craziest things), there is always an iRule for that 😊. For this reason I like to participate as much as I can, I have found a lot of help there and I feel like I have to return the favor (and it is also fun to see what people are trying to do with F5).

DC: Tell us a little about the areas of BIG-IP expertise you have and your F5 Certifications. Why are these important and how have they helped with your career?  

DV: My experience with F5 has been pretty much with all the modules: LTM, ASM, APM, GTM, AFM, Silverline and a bit of WebSafe. I was an F5 consultant for 3 years meaning it gave me a great opportunity to learn a lot about all those modules. This provided me with a lot of knowledge and helped me to get the F5 Certification F5-CSE Security. I would recommend to everyone to make an effort and get it, in my experience companies really value this accreditation.

DC: Describe one of your biggest BIG-IP challenges and how DevCentral helped in that situation.

DV: The biggest challenges for me have always been around BIG-IP APM. APM is probably the module which you can expand on the most, some things are not there by default but with the help of iRules you always find a way to get what you need. The last challenge was to expand SAML IDP capabilities by providing step-up authentication using authentication contexts available in the protocol itself. It may sound simple but just because how APM and SAML is designed it was tricky.

DC: Lastly, if you weren’t an IT admin – what would be your dream job? Or better, when you were a kid – what did you want to be when you grew up?

DV: Finally, I have always wanted to work in IT but if I wasn’t doing this I think I would be a fireman. I love sports and being active so I think it’s a job I could do.

Thanks Daniel! Check out all of Daniel's DevCentral contributions and connect with him on LinkedIn.

If there is a DevCentral member you think should be featured, let us know in the comments section!