DevCentral

Hosted by F5 DevCentral Community

Episodes

Language

About the show

DevCentral is F5's online Community of Technical Peers dedicated to learning, exchanging ideas, and solving problems – Together. We host audio podcasts created by our Community, for our Community.

Listen to episodes

60 recent

June 10, 202532 min

Unlocking the Secrets of Formal Verification in WebAssembly | Ep 19 | WebAssembly Unleashed

Join hosts Joel Moses, Oscar Spencer, and Matt Yacobucci as they dive deep into the world of formal verification with special guest Chris Fallin. In this episode of WebAssembly Unleashed, the team discusses the importance of formal verification in software development, particularly for WebAssembly. Chris, a co-author of the Cranelift compiler and Mozilla alum, explains the concept of formal verification, its significance, and how it can be applied to ensure software correctness and security. The conversation covers a range of topics including type safety, the use of SMT solvers, the challenges in formally verifying compilers, and the potential role of AI in generating formally verified code. Don't miss this insightful discussion if you're keen to learn about cutting-edge techniques to make software more reliable and secure. 00:00 Welcome to WebAssembly Unleashed 00:57 Community Updates 01:41 Guest Introduction: Chris Fallin 02:18 What is formal verification and why is it important? 03:10 Formal Verification in WebAssembly 06:28 Challenges and Real-World Applications 07:52 Tools and Techniques for Verification 20:22 Future Directions and Broader Implications 28:21 AI and Formal Verification 30:44 Lack of Formal Verification Consequences Did you miss the WebAssembly Unleashed episode 16 with Bruce Gain? Check it out here: https://youtu.be/Gjd8l1Sz9qY?si=QGixwObXJgvex9DS For more from F5's Office of the CTO visit the following sites: Blogs - https://www.f5.com/company/octo Reports - https://www.f5.com/services/resources/reports Meet Your Hosts: Joel Moses | https://www.linkedin.com/in/joelmoses/ | https://community.f5.com/users/joel_moses/398372 Oscar Spencer | https://twitter.com/oscar_spen | https://www.linkedin.com/in/oscarspen/ Matthew Yacobucci | https://www.linkedin.com/in/matthew-yacobucci-323b4b2/

May 12, 202542 min

WebAssembly's SpecTec | Ep 18 | WebAssembly Unleashed

Joins hosts Joel Moses and Oscar Spencer as they delve into the world of WebAssembly with special guest Andreas Rossberg, co-designer of the WebAssembly specification. Andreas shares insights on SpecTec, a domain-specific language designed to streamline and verify the WebAssembly specification. The discussion covers the evolution of SpecTec, its impact on WebAssembly proposals, and future possibilities for its application. Additionally, Andreas discusses his background in functional programming, challenges in compiler development, and the surprising uses of WebAssembly in the tech ecosystem. Whether you're a novice or a seasoned developer, this episode offers a comprehensive look into the future of WebAssembly and its growing influence in technology. Chapters: 00:00 Welcome to WebAssembly Unleashed 01:20 Exciting WebAssembly Developments 02:34 Special Guest: Andreas Rossberg 04:35 Functional Programming Insights 11:37 WebAssembly Specification and SpecTec 22:02 Test Matrix Generation for WebAssembly 23:49 Will SpecTec make WebAssembly proposals move any faster? 24:57 Reference Interpreter and Meta Interpreter 27:56 SpecTec's Potential Applications 30:54 Comparing SpecTec with Other Tools 32:34 Motivation and Commitment to WebAssembly and SpecTec 36:10 Surprising Uses and Future of WebAssembly 39:38 What area should the WebAssembly community work on next? For more from F5's Office of the CTO visit the following sites: Blogs - https://www.f5.com/company/octo Reports - https://www.f5.com/services/resources/reports Meet Your Hosts: Joel Moses | https://www.linkedin.com/in/joelmoses/ | https://community.f5.com/users/joel_moses/398372 Oscar Spencer | https://twitter.com/oscar_spen | https://www.linkedin.com/in/oscarspen/ Matthew Yacobucci | https://www.linkedin.com/in/matthew-yacobucci-323b4b2/

May 2, 202531 min

AI, Red Teaming, and Post-Quantum Cryptography: Key Insights from RSA 2025

Join Aubrey and Byron at RSA Conference 2025 as they dive into transformative topics like artificial intelligence, red teaming strategies, and post-quantum cryptography. From exploring groundbreaking OWASP sessions to analyzing emerging AI threats, this episode highlights key insights that shape the future of cybersecurity. Discover the challenges in red team AI testing, the implications of APIs in multi-cloud environments, and how quantum-resistant cryptography is rising to meet AI-driven threats. Don't miss this exciting recap of RSA 2025! 00:00 Introduction 00:47 Personal Conference Highlights 03:07 PQC Meanderings 05:44 AI Red Teaming 11:21 OWASP Compass / CISO Checklist 13:03 A Prompt Injection Tale 14:03 Protect Your System Prompts 15:00 Beyond The Hype Cycle? 17:17 From The Show Floor 19:03 Dreadnode Dyana Sandbox 21:35 More From The Floor 22:53 Deepfakes 25:38 The Allure Of Using Obvious AI 26:22 Gonna Take Crucible For A Spin 27:12 Final Conference Thoughts 30:45 Outro

April 28, 202530 min

Tackling CVE Chaos, Parquet Tool Insights, and EU Cyber Resilience Act Unpacked

🔒 Welcome to this week’s episode of AppSecNow, the DevCentral podcast dedicated to all things application security! 🚨 This week, we unpack critical updates including: 💥 A zero-day SAP CVE with a CVSS score of 10—what it means, how it's being exploited, and what you can do to defend against it. 🛠️ A groundbreaking Parquet tool from F5 Labs that simplifies vulnerability testing for critical supply chain security issues. Link: https://github.com/F5-Labs/parquet-canary-exploit-rce-poc-CVE-2025-30065 🌍 The EU Cyber Resilience Act—what it means for manufacturers, open-source stewards, and secure-by-design initiatives. Learn how AppSec professionals leverage cutting-edge tools and protocols to tackle some of the biggest challenges in software security today. Whether you're prepping for RSA or managing zero trust architectures, this episode is packed with actionable insights! ✅ Like, subscribe, and follow to keep up with the latest in application security. 00:00 Introduction 02:20 Parquet Tool 06:30 VulnCon 2025 09:09 EU Cyber Resilience Act 16:45 CVE Program Chaos 20:29 Pay Your Tolls! 27:17 SAP Critical Vulnerability 29:18 Outro

April 25, 202537 min

LLMs And Trust, Google A2A Protocol And The Cost Of Politeness In AI: AI Friday

It's AI Friday and we're diving into the world of artificial intelligence like never before! 🎩 On this Hat Day edition (featuring NFL draft banter), we discuss fascinating topics like LLMs (Large Language Models) and their trust—or lack thereof—in humanity, Google's innovative Agent-to-Agent (A2A) protocol, and how politeness towards AI incurs millions in operational costs. We also touch on pivotal AI conversations around zero trust, agentic AI, and the dynamic collapse of traditional control and data planes. Join us as we dissect how AI shapes the future of human interaction, enterprise-level security, and even animal communication. Don't miss out on this engaging, informative, and slightly chaotic conversation about cutting-edge advancements in AI. Remember to like, subscribe, and share with your community to ensure you never miss an episode of AI Friday! 00:00 Introduction 02:23 What Do LLMs Think Of Us? 15:26 At What Cost, Politeness? 25:33 Google Agent2Agent Protocol 35:57 Outro

April 21, 202536 min

EV Car Hacking, AI-Generated Passports, & Japan’s Active Cyber Defense Bill

Join Merlyn Chase, MegaZone, and Aubrey on this week’s AppSec Now podcast as they dive into the latest topics in application security! 🚀 From the recent B-Sides Seattle conference to critical discussions on EV car hacking, cybersecurity quandaries, AI-generated passports bypassing KYC, and Japan’s groundbreaking Active Cyber Defense Bill—you don’t want to miss this one. Plus, learn how AppSecNow is keeping you ahead with insights by F5 Labs and the F5 Security Incident Response Team. Stay informed, stay secure—like, subscribe, and follow for all things AppSec! 00:00 Introduction 03:10 EV Car Hacking 12:25 AI Generated Passports 21:35 LLMs Do Not Trust Humans 28:31 Japan's Active Cyber Defense Bill 34:19 Outro

April 18, 202536 min

2025 Top AI Use Cases, AI For Nuclear Safety & CaMeL Prompt Injection Fixes

It's AI Friday! This week, we unpack the latest AI news and trends, including the top AI use cases for 2025, intriguing new developments from OpenAI, AI in nuclear safety with PG&E (what could possibly go wrong?), novel defenses against prompt injection attacks with CaMeL, and even LLM-powered conversations with dolphins. Join Aubrey, Joel, Ken, and Byron as they blend in-depth insights with good-natured humor. Don't miss out—like and subscribe for your weekly infusion of AI amazement! 00:00 Introduction 01:37 2025 Top AI Use Cases 09:55 Models Thinking With Images 10:47 Break Glass In Case Of SkyNet 15:14 PG&E - AI In Nuclear Reactor 21:48 Can A CaMeL Fix Prompt Injection? 29:16 DolphinGemma LLM?? 35:39 Outro

April 14, 202535 min

Amazon EC2 SSRF Breach, Oracle Cloud Breach & Malicious NPM Packages Exposed

Join our AppSec experts—Merlyn, Malcolm, MegaZone, and host Chase Abbott—as they dig into some of the latest stories shaking up the cybersecurity world. This week's AppSec Now explores an active campaign targeting Amazon EC2 instance metadata via SSRF vulnerabilities, and why that's a wider-reaching problem than you might think. We discuss Oracle's controversial handling of their cloud breach and the impact of trust in the disclosure process. Also in the mix: malicious NPM packages deployed by North Korean hackers, a sneaky Golang malware employing "click-fix" tactics for crypto theft, and a critical Apache Parquet remote code execution bug rated CVSS 10.0—but how worried should we really be? 🔗 Relevant Links Here: https://community.f5.com/kb/security-insights/oracle-hack-north-korean-hackers-critical-flaw-in-apache/340708 00:00 Introduction 04:01 F5 Labs: AWS EC2 SSRF 10:44 Oracle Cloud Breach 16:44 Verizon iOS App Exposure 20:23 BeaverTail Malware via NPM 24:43 Golang Ghost Malware 28:34 Apache Parquet RCE - CVSS 10 !!! 34:12 Outro

April 11, 202554 min

Google Ironwood TPU, OpenAI Operator and Cybersecurity Challenges for 2025 Ep.15

Gear up for another deep dive! In this episode of AI Friday, we've got the crew—Aubrey, Joel, Byron, and Pete—ready to unpack the latest in AI technology and hardware. Join us as we break down Google's groundbreaking Ironwood TPU, exploring its impressive potential and the math behind AI acceleration. We'll also examine OpenAI's brand-new Agent, Operator, discussing how effectively it can handle real-world tasks and possible security implications. As we look ahead, we dissect the cybersecurity threats anticipated for 2025, from ransomware to AI-powered attacks, and explore how defenders might keep pace with rapidly evolving threats. Grab your thinking caps and coffee—it's time for another deep dive into the world of AI. 00:00 Introduction 02:15 AI hardware fundamentals explained 13:28 Ironwood TPU 21:29 NVIDIA's Dynamo 31:05 OpenAI Operator 40:37 CyberSec challenges for 2025 53:02 Outro

April 10, 202541 min

The Future of WebAssembly Garbage Collection | Ep 17 | WebAssembly Unleashed

Join Joel Moses, Oscar Spencer, and Matt Yacobucci as they discuss the latest news and recent developments in WebAssembly, such as Zig 0.140 and projects like running Linux inside a PDF file. This episode features special guest Nick Fitzgerald, a notable contributor to WasmTime and CraneLift, who explains the concept of garbage collection in programming. The discussion covers garbage collection in the context of WebAssembly, diving into algorithms, their implications, and challenges in implementation. They also touch upon the future of WebAssembly in embedded systems and the broader applications of these technologies in various programming languages like Java and Python. Don't miss this engaging and informative episode! Chapters: 00:00 Welcome to WebAssembly Unleashed 00:57 What's interesting this week in WebAssembly? 02:12 Linux PDF: A WebAssembly Feat 03:29 Understanding Garbage Collection with guest Nick Fitzgerald 05:20 Reference Counting vs Tracing Garbage Collection A Unified Theory of Garbage Collection paper: https://courses.cs.washington.edu/courses/cse590p/05au/p50-bacon.pdf 7:22 What's driving the push to get GC into WebAssembly right now? 10:25 What makes Garbage Collection implementation so difficult? 12:09 Challenges in Garbage Collection Implementation 15:19 Are you bound by the language runtime GC or by the Wasm runtime? 19:32 Challenges in Type Systems Implementation 22:59 Object-Oriented Hierarchies and Python 24:34 Garbage Collection Proposal Insights 31:35 Will the end users have extra work? 32:50 Can GC help with Ahead of time Compiling? 35:11 Fuzz Testing and Bug Fixing 36:05 Custom Page Size Proposal 38:03 Future of Garbage Collection Algorithms Did you miss the WebAssembly Unleashed episode with Gilad Bracha? Check it out here: What WebAssembly can learn from JAVA’s history | Ep5 | WebAssembly Unleashed https://youtu.be/BQjTShpa8VM?si=S4sHWZeRqVIbCdn_ For more from F5's Office of the CTO visit the following sites: Blogs - https://www.f5.com/company/octo Reports - https://www.f5.com/services/resources/reports Meet Your Hosts: Joel Moses | https://www.linkedin.com/in/joelmoses/ | https://community.f5.com/users/joel_moses/398372 Oscar Spencer | https://twitter.com/oscar_spen | https://www.linkedin.com/in/oscarspen/ Matthew Yacobucci | https://www.linkedin.com/in/matthew-yacobucci-323b4b2/