Code, Java and Systems - Technology Performance Pulse

Find vulnerabilities in your code—don’t wait for someone to exploit them

Dynatrace

FEBRUARY 13, 2023

With the increasing amount of sensitive information stored and processed, it’s essential to ensure that systems are secure and protected against potential threats. The deep insights into application code provided by OneAgent® help track potentially vulnerable data flow within an application.

Code

Code Java Testing Tools Testing

Optimizing Java XPath CPU and memory overhead by 98%

Dynatrace

MARCH 9, 2022

The system saw up to 800 application requests per second – far more than anticipated. More worrisome was a spike in CPU usage, resulting in severe service disruption as backend processing systems crashed due to the spike in load. Therefore, it was unsurprising to see a huge spike in traffic for Family Visa enrollment via Metrash.

Java

Java Traffic Government Code

Strace Revisited: Simple Is Beautiful

DZone

FEBRUARY 6, 2024

In the realm of system debugging, particularly on Linux platforms, strace stands out as a powerful and indispensable tool. Its simplicity and efficacy make it the go-to solution for diagnosing and understanding system-level operations, especially when working with servers and containers.

Java

Java Servers Systems Code

Handling Flaky Unit Tests in Java

Uber Engineering

JUNE 15, 2021

Unit testing forms the bedrock of any Continuous Integration (CI) system. It warns software engineers of bugs in newly-implemented code and regressions in existing code, before it is merged. It also … The post Handling Flaky Unit Tests in Java appeared first on Uber Engineering Blog.

Java

Java Testing Software Engineering Engineering

Kubernetes Observability: Code Profiling With Flame Graphs

Percona

OCTOBER 12, 2023

It shows which code paths are more busy on the CPU in given samples. An example of a flame graph can be found below: Each box is a function in the stack, and wider boxes mean more time the system was busy on CPU on these functions. Flame graphs are a graphical representation of function calls.

Code

Code Tuning C++ Benchmarking

Why the supposedly fixed CVE-2020-36641 vulnerability is still exploitable—And what to do about it

Dynatrace

JANUARY 23, 2024

In May 2023 the critical vulnerability CVE-2020-36641 in the Java library aXMLRPC was published in the National Vulnerability Database (NVD). To what extent attacks are possible depends on the Java version and other environmental factors. xml version="1.0"?> > <!DOCTYPE DOCTYPE foo [<!ENTITY

Java

Java Servers Code Software

The anatomy of the Spring4Shell vulnerability and how to prevent its effects—and those of similar vulnerabilities

Dynatrace

APRIL 14, 2022

Because 60% of developers use Spring for their Java applications , many applications are potentially affected. With a critical CVSS rating of 9.8 , Spring4Shell leaves affected systems vulnerable to remote code execution (RCE). Further, the report lists Tomcat as the most popular Java application server.

Java

Java Servers Code Open Source

Fully automatic code level monitoring and extended version support for AIX

Dynatrace

SEPTEMBER 7, 2019

In April of this year, we released a long-awaited GA version of the full-stack OneAgent for the IBM AIX operating system. AIX is considered to be one of the core operating systems used by our largest customers. Fully automatic deep code monitoring module injection. TL9 SP9 (see details below). Deployment of OneAgent on AIX 6.1

Code

Code Monitoring Java Operating System

Log4j 2 Vulnerability: Identifying and Minimizing Production Risk

Dynatrace

DECEMBER 12, 2021

It results in remote code execution (RCE) by submitting a specially composed request. In summary, the Log4Shell exploit allows an attacker to instruct the vulnerable system to download, and subsequently execute, a malicious command. Java processes with public-facing internet exposures are an easy target for this type of abuse.

Java

Java Internet Internet Database

Protect your organization against zero-day vulnerabilities

Dynatrace

AUGUST 3, 2022

Malicious attackers have gotten increasingly better at identifying vulnerabilities and launching zero-day attacks to exploit these weak points in IT systems. A zero-day exploit is a technique an attacker uses to take advantage of an organization’s vulnerability and gain access to its systems.

Java

Java Traffic Benchmarking Strategy

Handling flaky unit tests in Java

Uber Engineering

JUNE 15, 2021

Unit testing forms the bedrock of any Continuous Integration (CI) system. It warns software engineers of bugs in newly-implemented code and regressions in existing code, before it is merged. It also … The post Handling flaky unit tests in Java appeared first on Uber Engineering Blog.

Java

Java Testing Software Engineering Engineering

Open Sourcing the Netflix Domain Graph Service Framework: GraphQL for Spring Boot

The Netflix TechBlog

FEBRUARY 3, 2021

By open-sourcing the project, we hope to contribute to the Java and GraphQL communities and learn from and collaborate with everyone who will be using the framework to make it even better in the future. The transition to the new federated architecture meant that many of our backend teams needed to adopt GraphQL in our Java ecosystem.

Open Source

Open Source Java Architecture Metrics

Log4Shell vulnerability: Identifying and minimizing production risk

Dynatrace

DECEMBER 12, 2021

It results in remote code execution (RCE) by submitting a specially composed request. In summary, the Log4Shell vulnerability allows an attacker to instruct the vulnerable system to download, and subsequently execute, a malicious command. Java processes with public-facing internet exposures are an easy target for this type of abuse.

Java

Java Internet Internet Database

Dynatrace with industry consortium submits OpenFeature standard as CNCF sandbox project

Dynatrace

MAY 19, 2022

They enable product delivery and SRE teams to turn functionality on and off at runtime without deploying new code. This decoupling of code deployment from feature release is a crucial enabler for modern Continuous Delivery practices. Proprietary SDKs create adoption challenges. SDKs are lightweight, developer friendly, and flexible.

Java

Java Cloud Code Technology

Application observability meets developer observability: Unlock a 360º view of your environment

Dynatrace

NOVEMBER 6, 2023

Application observability helps IT teams gain visibility in their highly distributed systems, but what is developer observability and why is it important? The scale and the highly distributed systems result in enormous amounts of data. They also care about infrastructure: SREs require system visibility and incident management.

Development

Development DevOps Programming Cloud

Enhanced AI model observability with Dynatrace and Traceloop OpenLLMetry

Dynatrace

DECEMBER 4, 2023

By using OpenLLMetry and Dynatrace, anyone can get complete visibility into their system, including gen-AI parts with 5 minutes of work.” As the collected data seamlessly integrates with your Dynatrace environment, you can analyze LLM metrics, spans, and logs in the context of all traces and code-level information.

Open Source

Open Source Latency Metrics Java

InfoSec 2022 guide: How DevSecOps practices drive organizational resilience

Dynatrace

JUNE 13, 2022

Open source code, for example, has generated new threat vectors for attackers to exploit. Considering open source software (OSS) libraries now account for more than 70% of most applications’ code base, this threat is not going anywhere anytime soon. Cloud operations and observability boost resilience for American Family – blog.

Open Source

Open Source DevOps Java Innovation

What is Log4Shell? The Log4Shell vulnerability explained (and what to do about it)

Dynatrace

DECEMBER 16, 2021

Since December 10, days after a critical vulnerability known as Log4Shell was discovered in servers supporting the game Minecraft, millions of exploit attempts have been made of the Log4j 2 Java library, according to one team tracking the impact, with potential threat to millions more applications and devices across the globe.

Internet

Internet Internet Games Java

What is vulnerability management? And why runtime vulnerability detection makes the difference

Dynatrace

AUGUST 18, 2022

But managing the breadth of the vulnerabilities that can put your systems at risk is challenging. According to the 2022 CISO Research Report , only 25% of respondents’ security teams “can access a fully accurate, continuously updated report of every application and code library running in production in real-time.”

Traffic

Traffic Java Network DevOps

AI-driven analysis of Spring Micrometer metrics in context, with typology at scale

Dynatrace

APRIL 7, 2022

One of these solutions is Micrometer which provides 17+ pre-instrumented JVM-based frameworks for data collection and enables instrumentation code with a vendor-neutral API. Spring Boot, on the other hand, is a Java framework for building cloud-native Java applications. Here’s how it works. of Micrometer.

Metrics

Metrics Latency Java Cache

Black Hat 2023: Pairing causal AI and generative AI for cybersecurity threats

Dynatrace

AUGUST 7, 2023

Developers use generative AI to find errors in code and automatically document their code. They can also use generative AI for cybersecurity, write prototype code, and implement complex software systems. But managing the breadth of the vulnerabilities that can put your systems at risk is challenging.

DevOps

DevOps Analytics Best Practices Java

Understanding, detecting and localizing partial failures in large system software

The Morning Paper

MARCH 15, 2020

Understanding, detecting and localizing partial failures in large system software , Lou et al., Partial failures ( gray failures ) occur when some but not all of the functionalities of a system are broken. Here are the key findings: Partial failures appear throughout the release history of each system, 54% within the last three years.

Systems

Systems Software Software Programming

OneAgent release notes version 1.237

Dynatrace

APRIL 1, 2022

Added automatic detection of the WebSphere Liberty server name based on the Java command line. Starting with this release, we support PHP code module on Linux ARM64 (AArch64). Starting with this release, we support Apache code module on Linux ARM64 (AArch64). Operating systems. Added support for OpenTelemetry agent 1.0-1.11.

Operating System

Operating System Java Google Servers

Why vulnerability management enhances your cloud application security strategy

Dynatrace

JANUARY 21, 2022

Log4Shell is a software vulnerability in Apache Log4j 2 , a popular Java library for logging error messages in applications. Without a centralized approach to vulnerability management, DevSecOps teams waste time figuring out how a vulnerability affects the production environment and which systems to fix first. Contextual insight.

Strategy

Strategy Cloud Open Source DevOps

OneAgent release notes version 1.231

Dynatrace

JANUARY 9, 2022

Impact : This issue affects only those extensions that use native libraries called from Python code distributed with the extension. Operating systems. Future Dynatrace OneAgent operating systems support changes. The following operating systems will no longer be supported starting 01 March 2022. x – 2.12.x.

Operating System

Operating System Google Java Virtualization

Advance DevSecOps practices with a vulnerability management strategy

Dynatrace

FEBRUARY 1, 2022

Consider the Log4Shell vulnerability , which emerged in December 2021 and is estimated to have affected hundreds of millions of systems worldwide. The vulnerability is located in Log4j 2, an open-source Apache Java software used to run logging services in a host of front-end and backend applications.

Strategy

Strategy Games DevOps Open Source

OneAgent release notes version 1.229

Dynatrace

NOVEMBER 22, 2021

It affects only those extensions that use native libraries called from Python code distributed with the extension. Operating systems. Future Dynatrace OneAgent operating systems support changes. The following operating systems will no longer be supported starting 01 February 2022. Impact : This issue will rarely happen.

Operating System

Operating System Java Metrics Google

Dynatrace and Google unleash cloud-native observability for GKE Autopilot

Dynatrace

AUGUST 30, 2023

The CSI pod is mounted to application pods using an overlay file system. The CSI pod offers a prepared file system, mounted automatically, and includes unzipped agent binaries to every application pod. In this case, Davis found that a Java Spring Micrometer metric Failed Deliveries is highly correlated with CPU spikes.

Google

Google Cloud Innovation Infrastructure

Why software supply chain attacks are increasing

Dynatrace

JULY 29, 2022

One such software supply chain attack reared its head in late 2021, with the Log4Shell vulnerability , which affected millions of live applications using Java libraries. The compromised software can then compromise customer data or IT systems. According to one survey, supply chain attacks on open source software increased 650% in 2021.

Software

Software Software Open Source DevOps

Dynatrace Application Security boosts BizDevSecOps for Kubernetes

Dynatrace

FEBRUARY 10, 2021

In cloud-native application stacks, everything is code. Dynatrace entered the Application Security market with automatic and continuous protection for Java workloads. and Java are the most popular languages within Kubernetes environments. Automatic vulnerability detection for Kubernetes platform versions.

Java

Java Open Source Engineering Database

Dynatrace Application Security detects and blocks attacks automatically in real-time

Dynatrace

FEBRUARY 10, 2022

They are part of continuous delivery pipelines and examine code to find vulnerabilities. There is another critical element that needs to be addressed: how do you protect applications against attacks exploiting vulnerabilities while DevSecOps teams simultaneously try to resolve those issues in the code ? How to get started.

Traffic

Traffic Benchmarking Innovation Java

How Dynatrace uses Dynatrace to combat the Log4j vulnerability (Log4Shell)

Dynatrace

JANUARY 13, 2022

Log4Shell is a software vulnerability in Apache Log4j 2 , a popular Java library for logging information in applications. The vulnerability enables a remote attacker to execute arbitrary code on a service on the internet if the service runs certain versions of Log4j 2. Coordination and communication. Coordination and communication.

Social Media

Social Media Strategy Media Java

Black Hat 2022 highlights zero-day attacks as key theme

Dynatrace

AUGUST 2, 2022

Malicious attackers have gotten increasingly adept at identifying vulnerabilities and launching attacks to exploit these weak points in IT systems. But they also need a better strategy to address these attacks if they have IT systems and live applications that are already compromised. Learn how security improves DevOps.

DevOps

DevOps Strategy Open Source Java

AI-driven analysis of Spring Micrometer metrics in context, with topology at scale

Dynatrace

APRIL 7, 2022

One of these solutions is Micrometer which provides 17+ pre-instrumented JVM-based frameworks for data collection and enables instrumentation code with a vendor-neutral API. Spring Boot, on the other hand, is a Java framework for building cloud-native Java applications. Here’s how it works. of Micrometer.

Metrics

Metrics Latency Java Cache

AI-driven analysis of Spring Micrometer metrics in context, with topology at scale

Dynatrace

APRIL 7, 2022

One of these solutions is Micrometer which provides 17+ pre-instrumented JVM-based frameworks for data collection and enables instrumentation code with a vendor-neutral API. Spring Boot, on the other hand, is a Java framework for building cloud-native Java applications. Here’s how it works. of Micrometer.

Metrics

Metrics Latency Java Cache

Log4Shell highlights need for secure digital transformation with observability, vulnerability management

Dynatrace

FEBRUARY 8, 2022

It left the applications, systems, and IT infrastructure of millions of organizations open to widespread exploitation. This zero-day vulnerability enables a remote attacker to take control of a device or Internet-based application if the device or app runs certain versions of Log4j 2, a popular Java library.

Healthcare

Healthcare Transportation Innovation Games

Mastering MongoDB® Timeout Settings

Scalegrid

DECEMBER 14, 2023

MongoDB’s Java and Ruby drivers have this parameter set to 10 seconds by default – if there is no established connection or a new link within that time frame then it gives up on trying. x+ in Java). We have provided some sample code below to illustrate the timeout configuration in Java and Ruby.

Java

Java Network Servers Database

RSA 2022 guide: DevSecOps transformation with runtime vulnerability management

Dynatrace

MAY 23, 2022

Because data is more distributed and teams collaborate globally with cloud-based applications, IT teams struggle to keep up with the vulnerabilities that threaten these systems. Instead, they need to enlist software intelligence to monitor their systems end to end to identify and prioritize remediation efforts.

Strategy

Strategy Innovation Cloud Serverless

The road to observability with OpenTelemetry demo part 1: Identifying metrics and traces

Dynatrace

MAY 17, 2023

Anyone who’s concerned with developing, delivering, and operating software knows the importance of making software and the systems it runs on observable. While classic logging is an essential tool in debugging issues, it often lacks context and only provides snapshot information of one specific location in your code/application.

Metrics

Metrics Open Source Traffic Cache

RSA Guide 2023: Cloud application security remains core challenge for organizations

Dynatrace

APRIL 11, 2023

Log4Shell required many organizations to take devices and applications offline to prevent malicious attackers from gaining access to IT systems and sensitive data. As a result, organizations need to be vigilant in identifying and addressing vulnerabilities to protect their systems and data.

Cloud

Cloud DevOps Open Source Retail

White Box Testing – Guide, Tools, and Techniques

Testlodge

MARCH 15, 2023

White box testing is a software testing approach based on an analysis of the internal structure of the component or system. Internal structure may include code, architecture, integrations, and data flows of a system. The more code is tested, the less likely it is to have defects, and any defects found will have less severity.

Testing

Testing Testing Tools Java Programming

Coloring Flame Graphs: Code Hues

Brendan Gregg

JULY 30, 2017

I recently improved flame graph code coloring. Code-type coloring was a regex hack that took five minutes. In late 2014 I was modifying the JDK to preserve the frame pointer so that traditional stack walkers and profilers would work (an example of the problem is here , where Java methods lack ancestry). And that's what I coded.

Code

Code Java C++ Website

On Technique

O'Reilly

AUGUST 9, 2022

GitHub Copilot (based on a model named Codex , which is derived from GPT-3) generates code in a number of programming languages, based on comments that the user writes. Going in the other direction, GPT-3 has proven to be surprisingly good at explaining code. But it’s obvious where this is trending. But I don’t know if that’s true.

Programming

Programming Java C++ Design

OneAgent release notes version 1.199

Dynatrace

AUGUST 24, 2020

Operating systems. Upcoming Operating systems support changes. The following operating systems will no longer be supported starting 01 November 2020. The following operating systems will no longer be supported starting 01 December 2020. The following operating systems will no longer be supported starting 01 January 2021.

Java

Java Operating System Infrastructure Metrics

Find vulnerabilities in your code—don’t wait for someone to exploit them

Optimizing Java XPath CPU and memory overhead by 98%

Trending Sources

Strace Revisited: Simple Is Beautiful

Handling Flaky Unit Tests in Java

Kubernetes Observability: Code Profiling With Flame Graphs

Why the supposedly fixed CVE-2020-36641 vulnerability is still exploitable—And what to do about it

The anatomy of the Spring4Shell vulnerability and how to prevent its effects—and those of similar vulnerabilities

Fully automatic code level monitoring and extended version support for AIX

Log4j 2 Vulnerability: Identifying and Minimizing Production Risk

Protect your organization against zero-day vulnerabilities

Handling flaky unit tests in Java

Open Sourcing the Netflix Domain Graph Service Framework: GraphQL for Spring Boot

Log4Shell vulnerability: Identifying and minimizing production risk

Dynatrace with industry consortium submits OpenFeature standard as CNCF sandbox project

Application observability meets developer observability: Unlock a 360º view of your environment

Enhanced AI model observability with Dynatrace and Traceloop OpenLLMetry

InfoSec 2022 guide: How DevSecOps practices drive organizational resilience

What is Log4Shell? The Log4Shell vulnerability explained (and what to do about it)

What is vulnerability management? And why runtime vulnerability detection makes the difference

AI-driven analysis of Spring Micrometer metrics in context, with typology at scale

Black Hat 2023: Pairing causal AI and generative AI for cybersecurity threats

Understanding, detecting and localizing partial failures in large system software

OneAgent release notes version 1.237

Why vulnerability management enhances your cloud application security strategy

OneAgent release notes version 1.231

Advance DevSecOps practices with a vulnerability management strategy

OneAgent release notes version 1.229

Dynatrace and Google unleash cloud-native observability for GKE Autopilot

Why software supply chain attacks are increasing

Dynatrace Application Security boosts BizDevSecOps for Kubernetes

Dynatrace Application Security detects and blocks attacks automatically in real-time

How Dynatrace uses Dynatrace to combat the Log4j vulnerability (Log4Shell)

Black Hat 2022 highlights zero-day attacks as key theme

AI-driven analysis of Spring Micrometer metrics in context, with topology at scale

AI-driven analysis of Spring Micrometer metrics in context, with topology at scale

Log4Shell highlights need for secure digital transformation with observability, vulnerability management

Mastering MongoDB® Timeout Settings

RSA 2022 guide: DevSecOps transformation with runtime vulnerability management

The road to observability with OpenTelemetry demo part 1: Identifying metrics and traces

RSA Guide 2023: Cloud application security remains core challenge for organizations

White Box Testing – Guide, Tools, and Techniques

Coloring Flame Graphs: Code Hues

On Technique

OneAgent release notes version 1.199

Stay Connected