Technical Article DevCentral Top5 07/03/2012 July 03, 2012 by Colin Walker 2911 article apm dev development hardware irules management monitoring owasp security top5 us 0 It's fourth of July eve here in the states, and all of the children are aflutter, waiting to see if the fireworks fairy is going to bring them extra treats to set on fire tomorrow. (also, that's a fake thing I totally just made up). Despite tomorrow being a holiday celebrated by colored explosions, controlled flames and ... sparklers; the DevCentral Crew (team no longer adequately depicts my affection for this diverse group of people who, in fact, span multiple teams, "DC Crew" is hereby coined) has been paying far more attention to things that don't explode. Things such as documents, media and blogs to help you, the intrepid DC user, tap into all that is good and right with F5 technology. As such, I've selected another set of 5 tasty morsels on which you shall dine in this week's edition of the DC Top5. The Top5 in which apparently, when I call out the CEO as being a reader, he actually responds to make sure I know he's watching. But you know, no pressure or anything. On that bombshell (see what I did there?) and without further delay, bon appétit: DevOps Guru Panel http://bit.ly/LLz1lR Continuing on with what is quickly becoming a quite successful DevCentral tradition, the team rallied and has produced another Guru Panel. The brain child of April, an oft unsung hero on the DC crew as her work is largely behind the scenes, the Guru Panel is a way in which you, the community, can directly interact with some experts on a given subject. We set up a live stream, a chat interface, and we get together to geek out over whatever topic is at hand. This time through we talked about DevOps, which is not only quite germane to DevCentral but also timely, given the recent push to the cloud we've undergone. DevOps, as you'll hear in the video, is the idea of creating a cross-functional team that keeps delivering the application to the users in the forefront, despite whether that's the app, the network, or anything in between. This is an emerging trend that we're big fans of here in DC land, and whether you're just dipping your toes in the DevOps pool or already doing laps, this isn't a bad way to see what others in the community are thinking about or doing in the same regard. It was a good time producing, and I think it's a solid listen, too. HTTP Event Order - Access Policy Manager http://bit.ly/P1Zwqx One of the most requested bits of iRules documentation, before it existed, was a list of the logical flow of events within an iRule. Something that gave users a guide to reference which events happened when, where to put their iRules code to get the result they wanted, etc. That has long existed now, but as more and more iRules features are created, especially surrounding additional modules, more events come along with them, and that means the need for more understanding of which comes when. Fortunately, Jason has put together an awesome guide to Access Policy Manager's iRules events. In this easy to follow walk through he shows you (with pretty pictures and everything!) exactly what to expect when coding up your powerful APM iRules. He details each event, talks about how they play together and basically gives you the nitty gritty on exactly what you need to do to wield the power of APM iRules for good and not evil. Take a look for yourself and be enlightened in the ways of APM iRule-fu. F5 Security on Owasp Top 10: Broken Authentication and Session Management http://bit.ly/Nqgx6o In this installation of the Owasp Top10, Josh goes through "Broken Authentication and Session Management", which he goes on to define, but you'll have to read the article to get the official word from Mr. Security. Basically the idea is that people are able to use soft spots in auth or security mechanisms in applications to break in and do some not so good things. Fortunately the entire purpose of this series is for Josh to walk you through exactly how to mitigate these attacks. He does so in this case with some ASM tutelage. After walking through the complete setup to reproduce the vulnerability, and the attack in question, you can see exactly what it is within ASM that helps prevent this particular attack. Breaking down a complex, robust product like ASM into simple, screen shot riddled walk throughs like this not only shows off what is possible, but makes it easy to consume. This is a great series, and I'm already eager for the next installment. Deploying WebSphere SIP Container and BIG-IP http://bit.ly/KPssL0 Nojan has the pleasure of announcing some awesome guidance surrounding the IBM WebSphere & F5 integrated efforts. We've been playing nice with this particular deployment for a while now, but there's some fancy prescribed guidance now that will help connect the dots, as it were. By deploying this solution you can save CPU, gain better monitoring and insight into your deployment, and gain persistence based on some SIP specific bits. Any time I get a chance to show off the results of one of our many awesome partnerships, I'm a fan. This is no exception, as the benefits of allowing powerful technologies to work seamlessly together are quickly apparent. Take a look and see for yourself, then click through and check out the guidance on developerWorks. 20 Lines or Less #58: Spaces, Logging and Info http://bit.ly/N52oPA My old friend, the 20 Lines or Less, is back again this week. One of these days maybe I'll stop featuring this in my Top 5. Also - maybe some day pigs will fly, down will be up, and the sky will be green. I'm a sucker for cool iRules and the 20LoL is consistently a source of exactly that. This week there's even a peek at a command that is so new it's yet to be fully documented. Ooooh...ahhhhh! I know, I know, you're impressed. As well you should be! There aren't many times that the forums are so geeky that they start talking about commands that haven't even properly hit DevCentral yet. That's soon to be remedied, but in the meantime, check out the 20LoL for this and other examples of iRules hawesomeness. And that wraps up another Top5. If you've got questions, comments, things to add to DevCentral or other various and sundry geek bits, feel free to drop me a line. Feedback is always more than welcome. last modified: July 03, 2012 0 Comment(s): You must be logged in to post comments.