Forum Discussion
Chris, I understand the challenge here. What you can do is have a dynamic tag which changes daily (or weekly or monthly - whatever suits you). Not quite OTP, but easy to manage and set up.
The way to achieve it is to write an iRule which takes the current date and mixes it with some "secret" "salt" value and then hashes the result using a hashing function (e.g. MD5 or SHA1 or whatever your security requirement to a hashing function is).
For example (let's assume the secret is "cdjac0bsen")
we take today's date 20171018 and add the secret (e.g. concatenate with a dash):
"20171018-cdjac0bsen"
then the above value is hashed using md5. It produces "d39cb5a222be728dddd1ff3adc480cb5" - you can simply give this token to your pentesters - this token will be valid for the whole day.
Tomorrow the token will change to: 81e20431312f37d6572651d242f2521a (md5 of "20171019-cdjac0bsen").
The iRule will compare the token value received in header X-SCAN-TESTING with this calculated value. If they match - it is a valid pentester, if they mismatched - it is a hacker or someone using an old/stolen token.
Hope this helps,
Sam