F5 SSL Labs A+

Update: 09/10/2018

SSLLabs have changed its requirements for cipher suites. The new cipher string is:


So I’m going to make a how to about something I’m not sure I agree with, but because it seems to be a big hit nowadays, I’ll do it anyway. Qualys’ SSL labs website. I love to be secure, and I want everybody to be secure on the website. The aggregate amount of lost time and problems people have due to unencrypted information must be enormous, but I get a bit annoyed with how the SSL labs website is now dictating how we do our security /End soapbox. Continue reading “F5 SSL Labs A+”

F5 303 Study Guide – Part 1

F5 303 Study Guide – Part 1

Objective 1

In recent years, we’ve seen a lot of attacks on web applications, compromising a lot of data including PII, PHI and username/password combinations, which become feeds for phishing and other attacks. Check out the article I put together on what is a waf and why should I have one to look into some specifics, but I think today its not a question of will we be attacked with a web presence, to when have we been attacked, and were they successful?

Continue reading “F5 303 Study Guide – Part 1”

Becoming an ASM F5 Certified Engineer

I recently decided to start going through the F5 certification series. I’ve taken 101 Application Delivery Fundamentals, 201 TMOS administration, and 303 ASM Technology Specialist exams. I’m now one of about 3000 F5 certified engineers world wide – and I’m pretty happy about that. I’m in the category that holding certifications doesn’t prove one way or another whether you’re able to develop and maintain a  system in the real world, but it does prove though that you’re willing to go the extra mile to take the exam and prove a level of knowledge and grasp of the topics. We all know the further you get away from the school and college times of having to take an exam every other week, the harder it gets to actually sit down and take a test!

Continue reading “Becoming an ASM F5 Certified Engineer”