Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
Senior Developer Advocate at Oracle
Java Champion Alumni
Twitter: @ammbra1508
Mastodon: @ammbra1508.mastodon.social
Hello! I am Ana
2 Java Day Copyright © 2024, Oracle and/or its affiliates
Agenda
• JFR Security Events Overview
• Observing JDK Security Properties
• Monitoring TLS Protocol
• Analysing X.509 certificates
• Continuous Monitoring in the Cloud
Goal
Learn how JDK Flight Recorder, JDK Mission Control and JFR Security Events can help you monitor the security of your Java application so that you can detect potential safety risks.
JFR Security Events Overview
JDK Flight Recorder (JFR) Events
• When running a Java application, JFR can collect events that occur in the JVM.
• JFR Events express the state of the application and underlying JVM.
• For profiling, store event data in a .jfr file.
JFR Event Components (diagram): Event ID, Timestamp, Duration, Thread ID, Stack Trace ID, Event Specific Payload
JDK Flight Recorder (JFR) Security Events

NAME | GOAL | BACKPORTED TO | ENABLED BY DEFAULT*
jdk.InitialSecurityProperty | For insights on initial JDK security properties. | Oracle JDK 17.0.7 and 11.0.20 | Yes
jdk.SecurityPropertyModification | Records Security.setProperty(String key, String value) calls. | Oracle JDK 11.0.5 and 8u231 | No
jdk.SecurityProviderService | Records service provider method invocations. | JDK 17.0.8, 11.0.22 and 8u391 | No
jdk.TLSHandshake | Keeps track of TLS handshake activity. | Oracle JDK 11.0.5 and 8u231 | No
jdk.X509Certificate | Records details of X.509 Certificates. | Oracle JDK 11.0.5 and 8u231 | No
jdk.X509Validation | Records details of X.509 certificates negotiated in successful X.509 validation. | Oracle JDK 11.0.5 and 8u231 | No

* In default.jfc and profile.jfc shipped within a JDK
Observing JDK Security Properties
Ways to observe initial security properties
• Initial security properties are set statically in the $JAVA_HOME/conf/security file.
• Security properties can be set dynamically via java.security.Security methods.
• Print the initial security properties:
  java -Djava.security.debug=properties
• Record the jdk.InitialSecurityProperty JFR event:
  • Enable a JFR recording at launch:
    java -XX:StartFlightRecording:settings=default,duration=60s
  • Or start a flight recording by connecting to the running application from JDK Mission Control.
How to trace security property changes?
Have jdk.SecurityPropertyModification enabled in the JFR configuration:
  $JAVA_HOME/bin/jfr configure jdk.SecurityPropertyModification#enabled=true
Start a JFR recording when launching the application:
  java -XX:StartFlightRecording:settings=default,duration=60s
Inspect the recording with jcmd or JDK Mission Control.
Complete view of changes over JDK security properties
Extra tips to observe security properties
• Configure more JFR events by adding a space between each setting:
  $JAVA_HOME/bin/jfr configure event1#enabled=true event2#enabled=false
• Set up jdk.SecurityPropertyModification when launching the JVM:
  java -XX:StartFlightRecording:settings=default,duration=60s,+jdk.SecurityPropertyModification#enabled=true
• Set more JFR events when launching the JVM, separated by commas:
  java -XX:StartFlightRecording:settings=default,duration=60s,+event1#enabled=true,+event2#enabled=false
• Configure each JFR event from JDK Mission Control (JMC):
  • Create a connection to a running JVM (-XX:StartFlightRecording is not mandatory in this scenario).
  • In the JMC menu, select File > Connection... > [Select one running JVM] > Start Flight Recording.
  • Configure each JDK Security event.
• Inspect the evolution of captured events in JMC:
  • Event Browser > Java Development Kit > Security
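The same two events can also be watched from inside the process with jdk.jfr.consumer.RecordingStream (JDK 14+), which avoids waiting for a finished .jfr file. This is an added example, not code from the slides or the demo repository; the class name and the Security.setProperty call used as a trigger are mine.

```java
import java.security.Security;
import jdk.jfr.consumer.RecordingStream;

// Added example (not from the slides): watch jdk.InitialSecurityProperty and
// jdk.SecurityPropertyModification in-process and report who changed a property.
public class SecurityPropertyWatch {

    public static void main(String[] args) throws Exception {
        try (RecordingStream rs = new RecordingStream()) {
            // Enabled explicitly so the stream does not depend on what default.jfc ships with.
            rs.enable("jdk.InitialSecurityProperty");
            // Off by default (see the events table); the stack trace shows which code changed the property.
            rs.enable("jdk.SecurityPropertyModification").withStackTrace();

            rs.onEvent("jdk.InitialSecurityProperty", e ->
                System.out.printf("initial  %s = %s%n", e.getString("key"), e.getString("value")));

            rs.onEvent("jdk.SecurityPropertyModification", e -> {
                String key = e.getString("key");
                System.out.printf("modified %s = %s%n", key, e.getString("value"));
                // A runtime change to any *.disabledAlgorithms list deserves a closer look:
                // it can re-enable protocols or algorithms the JDK configuration turned off.
                if (key.endsWith(".disabledAlgorithms") && e.getStackTrace() != null) {
                    System.out.println("  changed by:");
                    e.getStackTrace().getFrames().stream().limit(5).forEach(f ->
                        System.out.println("    " + f.getMethod().getType().getName()
                                + "." + f.getMethod().getName()));
                }
            });

            rs.startAsync();
            // Constructed trigger so the stream has something to report: this process performs
            // exactly the Security.setProperty(String, String) call the event records.
            Security.setProperty("jdk.tls.disabledAlgorithms", "SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA");
            Thread.sleep(3_000);  // give JFR time to flush the events to the stream
        }
    }
}
```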
Monitoring TLS Protocol
Why is SSL/TLS important?
• Confidentiality: protect sensitive data/information from unauthorized users (encryption/decryption).
• Authenticity: ability to identify a user/system before communicating information (certificate authorities/digital certificates).
• Message integrity: identify the unauthorized modification of data during transit (message digests/signing).
Capture TLS protocol information
• Use a network protocol analyzer tool:
  • Attach the tool to the network interface where the JVM communicates.
  • Look for the "Server Hello" record to determine the TLS version used on a particular socket.
• A Java developer friendly way: inspect debug logs.
  java -Djavax.net.debug=ssl:handshake
• Get more detailed, filtered logging via:
  java -Djavax.net.debug=ssl:handshake:verbose:keymanager:trustmanager
• Configure the jdk.TLSHandshake JFR event to get essential TLS information.
"ServerHello": {
  "server version" : "TLSv1.2",
  "random" : "8B9226A071E9418850BE24838F42FDAF7422A07FDE62CB7D510FBF59E8E88F78",
  "session id" : "CF0AB2C10ED94F56C8FA0214E7BD2C378352E66D29543B321AB7878A72304E47",
  "cipher suite" : "TLS_AES_128_GCM_SHA256(0x1301)",
  "compression methods" : "00",
  "extensions" : [
    "supported_versions (43)": {
      "selected version": [TLSv1.3]
    },
    "key_share (51)": {
      "server_share": {
        "named group": x25519
        "key_exchange": {
          0000: 60 36 B3 39 35 71 9F F0 16 93 1E 96 87 FB 65 6E `6.95q........en
          0010: 44 1B C6 D8 9B 67 83 52 85 D9 C0 00 FC D6 1D 24 D....g.R.......$
        }
      },
    }
  ]
}
An example of a ServerHello record captured in logs
Start a recording while jdk.TLSHandshake is enabled as well:
  java -XX:StartFlightRecording:settings=default,duration=60s,+jdk.TLSHandshake#enabled=true,+jdk.TLSHandshake#stackTrace=true
Switch the jdk.TLSHandshake options to true in the JFR configuration file.
Run the jfr configure command in a terminal window:
  jfr configure jdk.TLSHandshake#enabled=true jdk.TLSHandshake#stackTrace=true
Capture protocol details by enabling jdk.TLSHandshake
Local demo setup overview (diagram): TicTacToe Spring Boot application running locally with JDK 22, with a keystore, a truststore and a client certificate, monitored with JDK tools.
#local.ext file
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = springboot
IP.1 = 127.0.0.1
# start a recording (replace <lvmid> with the local VM id listed by jcmd -l)
jcmd <lvmid> JFR.start duration=60s filename=/tmp/TLS.jfr
# use jfr print command
$JAVA_HOME/bin/jfr print --events "TLS*" /tmp/TLS.jfr
jdk.TLSHandshake {
  startTime = 12:55:27.396 (2024-03-03)
  peerHost = "google.com"
  peerPort = 443
  protocolVersion = "TLSv1.3"
  cipherSuite = "TLS_AES_128_GCM_SHA256"
  certificateId = 587815551
  eventThread = "tomcat-handler-15" (javaThreadId = 93, virtual)
  stackTrace = [
    sun.security.ssl.Finished.recordEvent(SSLSessionImpl) line: 1165
    sun.security.ssl.Finished$T13FinishedConsumer.onConsumeFinished(ServerHandshakeContext, ByteBuffer) line: 1138
    ...
  ]
}
Inspect TLS handshakes with jcmd and JFR
Analysing X.509 Certificates
Importance of X.509 certificates
• Bind an identity to a public key using a digital signature.
• Enable secure communication and transaction between two parties.
• Establish trust based on a series of fields:
  • version
  • serial number
  • signature (algorithm ID and parameters)
  • issuer name
  • validity period
  • subject name
  • subject public key (and associated algorithm ID)
# use keytool to query certificates in the JDK truststore
$JAVA_HOME/bin/keytool -cacerts -list -v
# use keytool to query certificates in a keystore
keytool -v -list -keystore /path/to/keystore
# configure the debug system properties to print verbose X.509 certificate information
java -Djava.security.debug=certpath -Djavax.net.debug=all
View certificate details
# switch the jdk.X509Certificate and jdk.X509Validation options to true in your JFR configuration file
<event name="jdk.X509Certificate">
  <setting name="enabled">true</setting>
  <setting name="stackTrace">true</setting>
</event>
<event name="jdk.X509Validation">
  <setting name="enabled">true</setting>
  <setting name="stackTrace">true</setting>
</event>
# or run the jfr configure command in a terminal window
$JAVA_HOME/bin/jfr configure jdk.X509Certificate#enabled=true jdk.X509Validation#enabled=true
# or enable the options on application launch (each event setting is prefixed with +)
java -XX:StartFlightRecording:settings=default,+jdk.X509Certificate#enabled=true,+jdk.X509Validation#enabled=true
Enable relevant details about X.509 certificates in JFR
Run your application with the -XX:StartFlightRecording flag and have the jdk.X509Certificate and jdk.X509Validation options enabled.
Execute a diagnostic command via jcmd:
  jcmd <lvmid> JFR.start duration=60s filename=/tmp/cert.jfr
Show recorded details about X.509 Certificates:
  $JAVA_HOME/bin/jfr print --events jdk.X509Certificate /tmp/cert.jfr
Capture details on X.509 certificates with jcmd and JFR
$JAVA_HOME/bin/jfr print --events "jdk.X509Certificate" /tmp/cert.jfr
jdk.X509Certificate {
  startTime = 09:59:25.672 (2022-11-10)
  algorithm = "SHA1withRSA"
  serialNumber = "18dad19e267de8bb4a2158cdcc6b3b4a"
  subject = "CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US"
  issuer = "CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US"
  keyType = "RSA"
  keyLength = 2048
  certificateId = 303010488
  validFrom = 00:00:00.000 (2006-11-08)
  validUntil = 23:59:59.000 (2036-07-16)
  eventThread = "main" (javaThreadId = 1)
  stackTrace = [
    sun.security.jca.JCAUtil.tryCommitCertEvent(Certificate) line: 126
    java.security.cert.CertificateFactory.generateCertificate(InputStream) line: 356
    ...
  ]
}
Example output of recorded details
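Once jdk.TLSHandshake and jdk.X509Certificate have been captured, the same fields shown in the jfr print output above can be audited offline with jdk.jfr.consumer.RecordingFile. The following is an added example, not code from the slides or the demo repository; the class name, the thresholds and the allow-lists are my choices, and the default path /tmp/cert.jfr is the one used on the previous slides.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.time.Duration;
import java.time.Instant;
import java.util.Set;
import jdk.jfr.consumer.RecordedEvent;
import jdk.jfr.consumer.RecordingFile;

// Added example (not from the slides): offline audit of a finished recording for weak
// TLS sessions and weak certificates, using only the event fields that jfr print shows.
public class SecurityRecordingAudit {

    static final Set<String> ACCEPTED_PROTOCOLS = Set.of("TLSv1.2", "TLSv1.3");
    static final Set<String> WEAK_SIGNATURES =
        Set.of("MD2withRSA", "MD5withRSA", "SHA1withRSA", "SHA1withDSA", "SHA1withECDSA");
    static final int MIN_RSA_BITS = 2048;

    public static void main(String[] args) throws IOException {
        Path recording = Path.of(args.length > 0 ? args[0] : "/tmp/cert.jfr");
        Instant now = Instant.now();
        try (RecordingFile file = new RecordingFile(recording)) {
            while (file.hasMoreEvents()) {
                RecordedEvent e = file.readEvent();
                switch (e.getEventType().getName()) {
                    case "jdk.TLSHandshake" -> checkHandshake(e);
                    case "jdk.X509Certificate" -> checkCertificate(e, now);
                    default -> { }
                }
            }
        }
    }

    static void checkHandshake(RecordedEvent e) {
        String peer = e.getString("peerHost") + ":" + e.getInt("peerPort");
        String version = e.getString("protocolVersion");
        String suite = e.getString("cipherSuite");
        if (!ACCEPTED_PROTOCOLS.contains(version)) {
            System.out.printf("FINDING  %s negotiated %s, expected TLS 1.2 or newer%n", peer, version);
        }
        // TLS 1.2 can still negotiate CBC/non-AEAD suites; list them for review rather than as failures.
        if (!suite.contains("_GCM_") && !suite.contains("_CHACHA20_")) {
            System.out.printf("REVIEW   %s uses non-AEAD cipher suite %s%n", peer, suite);
        }
    }

    static void checkCertificate(RecordedEvent e, Instant now) {
        String subject = e.getString("subject");
        String algorithm = e.getString("algorithm");
        // A self-signed trust anchor's own signature is never verified during path validation,
        // so a SHA-1 signature on a root (like the VeriSign G5 root above) is not a finding by itself.
        boolean selfSigned = subject.equals(e.getString("issuer"));
        if (WEAK_SIGNATURES.contains(algorithm) && !selfSigned) {
            System.out.printf("FINDING  %s is signed with %s%n", subject, algorithm);
        }
        if ("RSA".equals(e.getString("keyType")) && e.getInt("keyLength") < MIN_RSA_BITS) {
            System.out.printf("FINDING  %s has a %d-bit RSA key%n", subject, e.getInt("keyLength"));
        }
        Instant validUntil = e.getInstant("validUntil");
        if (validUntil.isBefore(now)) {
            System.out.printf("FINDING  %s expired on %s%n", subject, validUntil);
        } else if (validUntil.isBefore(now.plus(Duration.ofDays(30)))) {
            System.out.printf("REVIEW   %s expires within 30 days, on %s%n", subject, validUntil);
        }
    }
}
```

Run it as `java SecurityRecordingAudit.java /tmp/TLS.jfr` to audit the TLS recording from the earlier slide instead; both event types are handled in the same pass.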
Continuous Monitoring in the Cloud
JDK Flight Recorder provides rich, structured data and API support for event streams.
Until JDK 16, developers could monitor a Java process on a remote host and control what is recorded via JDK Mission Control.
Since JDK 16, you can transfer recorded events programmatically, as they occur, over the network using javax.management.MBeanServerConnection.
Streaming JFR events
import java.io.IOException;
import javax.management.MBeanServerConnection;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;
import jdk.management.jfr.RemoteRecordingStream;

String host = "com.example";
int port = 7091;
String url = "service:jmx:rmi:///jndi/rmi://" + host + ":" + port + "/jmxrmi";
JMXServiceURL u = new JMXServiceURL(url);
// connect() and RemoteRecordingStream throw IOException; the enclosing method must declare or handle it
JMXConnector c = JMXConnectorFactory.connect(u);
MBeanServerConnection connection = c.getMBeanServerConnection();
try (RemoteRecordingStream stream = new RemoteRecordingStream(connection)) {
  // enable the event on the remote JVM and ask for stack traces with each event
  stream.enable("jdk.X509Certificate").withStackTrace();
  stream.onEvent("jdk.X509Certificate", System.out::println);
  stream.start(); // blocks until the stream is closed
}
Monitor a remote host using a MBeanServerConnection
import java.io.IOException;
import java.util.concurrent.atomic.AtomicLong;
import io.micrometer.core.instrument.Gauge;
import io.micrometer.core.instrument.Metrics;
import io.micrometer.core.instrument.composite.CompositeMeterRegistry;
import jdk.jfr.consumer.EventStream;

CompositeMeterRegistry metricsRegistry = Metrics.globalRegistry;
// Register the gauge once, backed by a holder that each event updates; re-registering a gauge
// with the same name for every event would return the first meter and never report new values.
AtomicLong validationCounter = new AtomicLong();
Gauge.builder("jdk.X509Validation", validationCounter, AtomicLong::doubleValue)
    .description("X509 Certificate Validation Counter").register(metricsRegistry);
// openRepository() attaches to this JVM's disk repository, so a recording must already be running
try (var es = EventStream.openRepository()) {
  es.onEvent("jdk.X509Validation", recordedEvent ->
      validationCounter.set(recordedEvent.getLong("validationCounter")));
  es.start();
} catch (IOException e) {
  throw new RuntimeException("Couldn't process event", e);
}
Stream JFR events actively and within process
Evolving the demo setup (diagram): podman compose running TicTacToe (Spring Boot application with JDK 22 and its keystore) in an Oracle Cloud instance, with a player, a monitoring tool (Prometheus) with its configuration and volumes, all monitored with JDK tools.
Java Management Service (JMS)
Oracle Cloud service that helps manage and reduce total cost of ownership of Java deployments running on-premise (desktop, laptop, server) or in the cloud (OCI and non-OCI clouds).
• Visibility: discover, manage and patch your Java deployments across the enterprise.
• Insight: telemetry data from the JVM to analyze configuration, security, performance, compliance, and efficiency.
• Automation: security analysis, migration analysis, optimizing JVM tuning.
Let’s play and observe!
Stay tuned for more!
Inside.java | Dev.java | youtube.com/java
Useful links
• Monitoring Java Application Security with JDK tools and JFR Events: https://dev.java/learn/security/monitor/
• Stack Walker ep 2 on JFR https://inside.java/2023/05/14/stackwalker-02/
• Continuous monitoring with JDK Flight Recorder: https://www.infoq.com/presentations/monitoring-jdk-jfr/
• Code used during demo: https://github.com/ammbra/tictactoe
• OCI Instance installation: https://www.anamihalceanu.com/post/building-a-cloud-compute-instance-with-java-concepts
• Compose files in OCI: https://docs.oracle.com/en/learn/podman-compose/index.html#confirm-podman-compose-is-working
• More articles on Java Management Service: https://inside.java/tag/cloud
• Gunnar Morling's article on custom JFR events: https://www.morling.dev/blog/rest-api-monitoring-with-custom-jdk-flight-recorder-events/

akankshawande
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Jeffrey Haguewood
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
Dinusha Kumarasiri
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
Shinana2
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
Intelisync
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
kumardaparthi1024
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Jeffrey Haguewood
 
Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!
GDSC PJATK
 
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStrDeep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
saastr
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 

Último (20)

Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
Skybuffer AI: Advanced Conversational and Generative AI Solution on SAP Busin...
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...
 
Azure API Management to expose backend services securely
Azure API Management to expose backend services securelyAzure API Management to expose backend services securely
Azure API Management to expose backend services securely
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
dbms calicut university B. sc Cs 4th sem.pdf
dbms  calicut university B. sc Cs 4th sem.pdfdbms  calicut university B. sc Cs 4th sem.pdf
dbms calicut university B. sc Cs 4th sem.pdf
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024A Comprehensive Guide to DeFi Development Services in 2024
A Comprehensive Guide to DeFi Development Services in 2024
 
GenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizationsGenAI Pilot Implementation in the organizations
GenAI Pilot Implementation in the organizations
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
Letter and Document Automation for Bonterra Impact Management (fka Social Sol...
 
Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!Finale of the Year: Apply for Next One!
Finale of the Year: Apply for Next One!
 
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStrDeep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
Deep Dive: Getting Funded with Jason Jason Lemkin Founder & CEO @ SaaStr
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 

Monitoring Java Application Security with JDK Tools and JFR Events.pdf

  • 1. Monitoring Java Application Security with JDK Tools and JFR Events
    Ana-Maria Mihalceanu, Senior Developer Advocate
  • 2. Hello! I am Ana
    Ana-Maria Mihalceanu
    Java Champion Alumni, Senior Developer Advocate at Oracle
    Twitter: @ammbra1508
    Mastodon: @ammbra1508.mastondon.social
    Java Day, Copyright © 2024, Oracle and/or its affiliates
  • 3. Agenda
    • JFR Security Events Overview
    • Observing JDK Security Properties
    • Monitoring TLS Protocol
    • Analysing X.509 certificates
    • Continuous Monitoring in the Cloud
  • 4. Goal
    Learn how JDK Flight Recorder, JDK Mission Control and JFR Security Events can help you monitor the security of your Java application so that you can detect potential security risks.
  • 5. JFR Security Events Overview
  • 6. JDK Flight Recorder (JFR) Events
    • When running a Java application, JFR can collect events that occur in the JVM.
    • JFR events express the state of the application and the underlying JVM.
    • For profiling, store event data in a .jfr file.
    JFR event components: Event ID, Timestamp, Duration, Thread ID, Stack Trace ID, Event Specific Payload
  • 7. JDK Flight Recorder (JFR) Security Events
    | NAME | GOAL | BACKPORTED TO | ENABLED BY DEFAULT* |
    |---|---|---|---|
    | jdk.InitialSecurityProperty | For insights on initial JDK security properties. | Oracle JDK 17.0.7 and 11.0.20 | Yes |
    | jdk.SecurityPropertyModification | Records Security.setProperty(String key, String value) calls. | Oracle JDK 11.0.5 and 8u231 | No |
    | jdk.SecurityProviderService | Records service provider method invocations. | JDK 17.0.8, 11.0.22 and 8u391 | No |
    | jdk.TLSHandshake | Keeps track of TLS handshake activity. | Oracle JDK 11.0.5 and 8u231 | No |
    | jdk.X509Certificate | Records details of X.509 certificates. | Oracle JDK 11.0.5 and 8u231 | No |
    | jdk.X509Validation | Records details of X.509 certificates negotiated in successful X.509 validation. | Oracle JDK 11.0.5 and 8u231 | No |
    * In default.jfc and profile.jfc shipped within a JDK
  • 8. Observing JDK Security Properties
  • 9. Ways to observe initial security properties
    • Initial security properties are set statically in the $JAVA_HOME/conf/security file.
    • Security properties can be set dynamically via java.security.Security methods.
    • Print the initial security properties:
      java -Djava.security.debug=properties
    • Record the jdk.InitialSecurityProperty JFR event:
      • Enable a JFR recording:
        java -XX:StartFlightRecording:settings=default,duration=60s
      • Or start a flight recording by connecting to the running application from JDK Mission Control.
  • 10. How to trace changes to security properties?
  • 11. Complete view of changes over JDK security properties
    Have jdk.SecurityPropertyModification enabled in the JFR configuration:
    $JAVA_HOME/bin/jfr configure jdk.SecurityPropertyModification#enabled=true
    Start a JFR recording when launching the application:
    java -XX:StartFlightRecording:settings=default,duration=60s
    Inspect the recording with jcmd or JDK Mission Control.
  • 12. Extra tips to observe security properties
    • Configure more JFR events by adding a space between each setting:
      $JAVA_HOME/bin/jfr configure event1#enabled=true event2#enabled=false
    • Set up jdk.SecurityPropertyModification when launching the JVM:
      java -XX:StartFlightRecording:settings=default,duration=60s,+jdk.SecurityPropertyModification#enabled=true
    • Set more JFR events when launching the JVM, separated by commas:
      java -XX:StartFlightRecording:settings=default,duration=60s,+event1#enabled=true,+event2#enabled=false
    • Configure each JFR event from JDK Mission Control (JMC):
      • Create a connection to a running JVM (-XX:StartFlightRecording is not mandatory in this scenario).
      • In the JMC menu, select File > Connection... > [Select one running JVM] > Start Flight Recording.
      • Configure each JDK Security event.
    • Inspect the evolution of captured events in JMC:
      • Event Browser > Java Development Kit > Security
  • 13. (image-only slide, no text)
  • 14. Monitoring TLS Protocol
  • 15. Why is SSL/TLS important?
    • Confidentiality: protect sensitive data/information from unauthorized users (encryption/decryption).
    • Authenticity: ability to identify a user/system before communicating information (certificate authorities/digital certificates).
    • Message integrity: identify the unauthorized modification of data during transit (message digests/signing).
  • 16. Capture TLS protocol information
    • Use a network protocol analyzer tool.
    • Attach the tool to the network interface where the JVM communicates.
    • Look for the "Server Hello" record to determine the TLS version used on a particular socket.
    • A Java developer friendly way: inspect debug logs.
      java -Djavax.net.debug=ssl:handshake
    • Get more filtered logging via:
      java -Djavax.net.debug=ssl:handshake:verbose:keymanager:trustmanager
    • Configure the jdk.TLSHandshake JFR event to get essential TLS information.
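The jdk.InitialSecurityProperty and jdk.SecurityPropertyModification events from slides 9 to 12 can also be consumed inside the running JVM, without jcmd or JMC, through the jdk.jfr.consumer.RecordingStream API. The class below is an added example written for this page, not code from the talk or its demo repository. It assumes a JDK that ships jdk.InitialSecurityProperty (17.0.7 or later per the table on slide 7); the set of properties it treats as sensitive is an assumption chosen for illustration, and the Security.setProperty call at the end is a constructed trigger so that the program shows an event when run on its own.

```java
import java.security.Security;
import java.util.Set;
import jdk.jfr.consumer.RecordedEvent;
import jdk.jfr.consumer.RecordingStream;

/**
 * Added example: watch JDK security properties from inside the JVM.
 * Every jdk.SecurityPropertyModification event carries the property key, its
 * new value and (with stack traces enabled) the code that changed it.
 */
public class SecurityPropertyWatch {

    // Assumption for this demo: properties whose change deserves an alert because
    // they control which algorithms and protocols the JDK accepts.
    static final Set<String> SENSITIVE_KEYS = Set.of(
            "jdk.tls.disabledAlgorithms",
            "jdk.certpath.disabledAlgorithms",
            "jdk.jar.disabledAlgorithms",
            "securerandom.source");

    // Severity label for a property change; kept separate so it can be unit tested.
    static String severity(String key) {
        return SENSITIVE_KEYS.contains(key) ? "ALERT" : "info";
    }

    static void report(RecordedEvent e) {
        String key = e.getString("key");
        String thread = e.getThread() == null ? "?" : e.getThread().getJavaName();
        System.out.printf("[%s] %s changed to \"%s\" on thread %s%n",
                severity(key), key, e.getString("value"), thread);
        // The stack trace identifies which library or application code called Security.setProperty
        if (e.getStackTrace() != null) {
            e.getStackTrace().getFrames().stream().limit(4).forEach(f ->
                    System.out.println("    at " + f.getMethod().getType().getName()
                            + "." + f.getMethod().getName()));
        }
    }

    public static void main(String[] args) throws Exception {
        try (RecordingStream rs = new RecordingStream()) {
            // jdk.SecurityPropertyModification is disabled in default.jfc, so enable it explicitly
            rs.enable("jdk.InitialSecurityProperty");
            rs.enable("jdk.SecurityPropertyModification").withStackTrace();

            // Initial values are emitted once when the recording starts; print only the sensitive ones
            rs.onEvent("jdk.InitialSecurityProperty", e -> {
                if (SENSITIVE_KEYS.contains(e.getString("key"))) {
                    System.out.printf("initial %s = \"%s\"%n", e.getString("key"), e.getString("value"));
                }
            });
            rs.onEvent("jdk.SecurityPropertyModification", SecurityPropertyWatch::report);
            rs.startAsync();

            // Constructed trigger for the demo: a library that tightens or loosens the TLS
            // algorithm policy at runtime looks exactly like this to the recorder.
            String current = Security.getProperty("jdk.tls.disabledAlgorithms");
            Security.setProperty("jdk.tls.disabledAlgorithms", current + ", RC4");

            Thread.sleep(2_000); // let the asynchronous stream deliver the events before closing
        }
    }
}
```

Run it with a plain `java SecurityPropertyWatch.java`; no -XX:StartFlightRecording flag is needed because RecordingStream starts its own recording. In a real service the report method would hand the finding to the application's logging or alerting pipeline instead of printing it.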
  • 17. An example of a ServerHello record captured in logs
    "ServerHello": {
      "server version"      : "TLSv1.2",
      "random"              : "8B9226A071E9418850BE24838F42FDAF7422A07FDE62CB7D510FBF59E8E88F78",
      "session id"          : "CF0AB2C10ED94F56C8FA0214E7BD2C378352E66D29543B321AB7878A72304E47",
      "cipher suite"        : "TLS_AES_128_GCM_SHA256(0x1301)",
      "compression methods" : "00",
      "extensions"          : [
        "supported_versions (43)": {
          "selected version": [TLSv1.3]
        },
        "key_share (51)": {
          "server_share": {
            "named group": x25519
            "key_exchange": {
              0000: 60 36 B3 39 35 71 9F F0 16 93 1E 96 87 FB 65 6E  `6.95q........en
              0010: 44 1B C6 D8 9B 67 83 52 85 D9 C0 00 FC D6 1D 24  D....g.R.......$
            }
          },
        }
      ]
    }
    Note that for a TLS 1.3 connection the legacy "server version" field still reads TLSv1.2; the version actually negotiated is the one in the supported_versions extension.
  • 18. Capture protocol details by enabling jdk.TLSHandshake
    Start a recording while jdk.TLSHandshake is enabled as well:
    java -XX:StartFlightRecording:settings=default,duration=60s,+jdk.TLSHandshake#enabled=true,+jdk.TLSHandshake#stackTrace=true
    Switch the jdk.TLSHandshake options to true in the JFR configuration file by running the jfr configure command in a terminal window:
    jfr configure jdk.TLSHandshake#enabled=true jdk.TLSHandshake#stackTrace=true
  • 19. Local demo setup overview
    Running TicTacToe locally: Spring Boot application with JDK 22, Keystore, Truststore, Client Certificate; monitor with JDK tools.
    # local.ext file
    authorityKeyIdentifier=keyid,issuer
    basicConstraints=CA:FALSE
    subjectAltName = @alt_names
    [alt_names]
    DNS.1 = localhost
    DNS.2 = springboot
    IP.1 = 127.0.0.1
  • 20. Inspect TLS handshakes with jcmd and JFR
    # start a recording
    jcmd <lvmid> JFR.start duration=60s filename=/tmp/TLS.jfr
    # use the jfr print command
    $JAVA_HOME/bin/jfr print --events "TLS*" /tmp/TLS.jfr
    jdk.TLSHandshake {
      startTime = 12:55:27.396 (2024-03-03)
      peerHost = "google.com"
      peerPort = 443
      protocolVersion = "TLSv1.3"
      cipherSuite = "TLS_AES_128_GCM_SHA256"
      certificateId = 587815551
      eventThread = "tomcat-handler-15" (javaThreadId = 93, virtual)
      stackTrace = [
        sun.security.ssl.Finished.recordEvent(SSLSessionImpl) line: 1165
        sun.security.ssl.Finished$T13FinishedConsumer.onConsumeFinished(ServerHandshakeContext, ByteBuffer) line: 1138
        ...
      ]
    }
  • 21. Analysing X.509 Certificates
  • 22. Importance of X.509 certificates
    • Bind an identity to a public key using a digital signature.
    • Enable secure communication and transactions between two parties.
    • Establish trust based on a series of fields:
      • version
      • serial number
      • signature (algorithm ID and parameters)
      • issuer name
      • validity period
      • subject name
      • subject public key (and associated algorithm ID)
  • 23. View certificate details
    # use keytool to query certificates in the JDK truststore
    $JAVA_HOME/bin/keytool -cacerts -list -v
    # use keytool to query certificates in a keystore
    keytool -v -list -keystore /path/to/keystore
    # configure the debug system properties to print verbose X.509 certificate information
    java -Djava.security.debug=certpath -Djavax.net.debug=all
  • 24. Enable relevant details about X.509 certificates in JFR
    # switch the jdk.X509Certificate and jdk.X509Validation options to true in your JFR configuration file
    <event name="jdk.X509Certificate">
      <setting name="enabled">true</setting>
      <setting name="stackTrace">true</setting>
    </event>
    <event name="jdk.X509Validation">
      <setting name="enabled">true</setting>
      <setting name="stackTrace">true</setting>
    </event>
    # or run the jfr configure command in a terminal window
    $JAVA_HOME/bin/jfr configure jdk.X509Certificate#enabled=true jdk.X509Validation#enabled=true
    # or enable the options on application launch
    java -XX:StartFlightRecording:settings=default,+jdk.X509Certificate#enabled=true,+jdk.X509Validation#enabled=true
  • 25. Capture details on X.509 certificates with jcmd and JFR
    Run your application with the -XX:StartFlightRecording flag and have the jdk.X509Certificate and jdk.X509Validation options enabled.
    Execute a diagnostic command via jcmd:
    jcmd <lvmid> JFR.start duration=60s filename=/tmp/cert.jfr
    Show the recorded details about X.509 certificates:
    $JAVA_HOME/bin/jfr print --events jdk.X509Certificate /tmp/cert.jfr
  • 26. Example output of recorded details
    $JAVA_HOME/bin/jfr print --events "jdk.X509Certificate" /tmp/cert.jfr
    jdk.X509Certificate {
      startTime = 09:59:25.672 (2022-11-10)
      algorithm = "SHA1withRSA"
      serialNumber = "18dad19e267de8bb4a2158cdcc6b3b4a"
      subject = "CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US"
      issuer = "CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US"
      keyType = "RSA"
      keyLength = 2048
      certificateId = 303010488
      validFrom = 00:00:00.000 (2006-11-08)
      validUntil = 23:59:59.000 (2036-07-16)
      eventThread = "main" (javaThreadId = 1)
      stackTrace = [
        sun.security.jca.JCAUtil.tryCommitCertEvent(Certificate) line: 126
        java.security.cert.CertificateFactory.generateCertificate(InputStream) line: 356
        ...
      ]
    }
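The jdk.TLSHandshake output on slide 20 and the jdk.X509Certificate output on slide 26 list exactly the fields a defender needs to spot a weak handshake or a weak certificate (protocol version, cipher suite, signature algorithm, key type and length, validity period, and the certificateId that links a handshake to its certificate). The class below is an added example written for this page, not code from the talk or its demo repository: it consumes both events in-process and turns them into findings. The thresholds (SHA-1 or MD5 signatures, RSA keys under 2048 bits, expiry within 30 days, anything older than TLS 1.2, NULL/RC4/3DES/anon/EXPORT suites) are assumptions chosen for the example, and the truststore load at the end is a constructed trigger so that the program produces certificate events offline; its password is the JDK default, which you may need to adjust.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import jdk.jfr.consumer.RecordedEvent;
import jdk.jfr.consumer.RecordingStream;

/**
 * Added example: derive security findings from jdk.X509Certificate and
 * jdk.TLSHandshake events. All thresholds below are assumptions for the demo.
 */
public class TlsAndCertAudit {

    static final Set<String> ACCEPTED_PROTOCOLS = Set.of("TLSv1.2", "TLSv1.3");
    static final Set<String> LEGACY_SUITE_MARKERS = Set.of("_NULL_", "_RC4_", "_3DES_", "_anon_", "_EXPORT_");
    static final Duration EXPIRY_WARNING = Duration.ofDays(30);

    /** Findings for one certificate; a pure function of the event fields so it is easy to test. */
    static List<String> auditCertificate(String algorithm, String keyType, int keyLength,
                                         Instant validUntil, Instant now) {
        List<String> findings = new ArrayList<>();
        if (algorithm.startsWith("SHA1") || algorithm.startsWith("MD5") || algorithm.startsWith("MD2")) {
            findings.add("weak signature algorithm " + algorithm);
        }
        if ("RSA".equals(keyType) && keyLength < 2048) {
            findings.add("RSA key of only " + keyLength + " bits");
        }
        if (validUntil.isBefore(now)) {
            findings.add("expired on " + validUntil);
        } else if (validUntil.isBefore(now.plus(EXPIRY_WARNING))) {
            findings.add("expires within " + EXPIRY_WARNING.toDays() + " days, on " + validUntil);
        }
        return findings;
    }

    /** Findings for one handshake: legacy protocol version or legacy cipher suite. */
    static List<String> auditHandshake(String protocolVersion, String cipherSuite) {
        List<String> findings = new ArrayList<>();
        if (!ACCEPTED_PROTOCOLS.contains(protocolVersion)) {
            findings.add("legacy protocol " + protocolVersion);
        }
        if (LEGACY_SUITE_MARKERS.stream().anyMatch(cipherSuite::contains)) {
            findings.add("legacy cipher suite " + cipherSuite);
        }
        return findings;
    }

    static void onCertificate(RecordedEvent e) {
        List<String> findings = auditCertificate(e.getString("algorithm"), e.getString("keyType"),
                e.getInt("keyLength"), e.getInstant("validUntil"), Instant.now());
        if (!findings.isEmpty()) {
            // certificateId is the key that later jdk.TLSHandshake events refer back to
            System.out.printf("certificate %d (%s): %s%n",
                    e.getLong("certificateId"), e.getString("subject"), findings);
        }
    }

    static void onHandshake(RecordedEvent e) {
        List<String> findings = auditHandshake(e.getString("protocolVersion"), e.getString("cipherSuite"));
        if (!findings.isEmpty()) {
            System.out.printf("handshake with %s:%d (certificate %d): %s%n", e.getString("peerHost"),
                    e.getInt("peerPort"), e.getLong("certificateId"), findings);
        }
    }

    public static void main(String[] args) throws Exception {
        try (RecordingStream rs = new RecordingStream()) {
            rs.enable("jdk.X509Certificate").withStackTrace();
            rs.enable("jdk.TLSHandshake").withStackTrace();
            rs.onEvent("jdk.X509Certificate", TlsAndCertAudit::onCertificate);
            rs.onEvent("jdk.TLSHandshake", TlsAndCertAudit::onHandshake);
            rs.startAsync();

            // Constructed trigger so the demo produces events offline: parsing the JDK's own trust
            // anchors goes through CertificateFactory.generateCertificate, which commits the event
            // (compare the stack trace on slide 26). A SHA-1 signed *root* is informational only:
            // path validation never verifies a trust anchor's self-signature, so the finding
            // matters for intermediate and leaf certificates.
            Path cacerts = Path.of(System.getProperty("java.home"), "lib", "security", "cacerts");
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream in = Files.newInputStream(cacerts)) {
                trustStore.load(in, "changeit".toCharArray()); // JDK default truststore password
            }
            Thread.sleep(2_000); // let the asynchronous stream deliver the events before closing
        }
    }
}
```

Because jdk.X509Certificate is emitted only once per certificate per JVM, keep the certificate findings keyed by certificateId if you want to attach them to every later handshake that references the same certificate.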
  • 27. Continuous Monitoring in the Cloud
  • 28. Streaming JFR events
    JDK Flight Recorder provides rich, structured data and an API for event streams.
    Until JDK 16, developers could monitor a Java process on a remote host and control what is recorded via JDK Mission Control.
    Since JDK 16, you can transfer recorded events programmatically, as they occur, over the network using javax.management.MBeanServerConnection.
  • 29. Monitor a remote host using an MBeanServerConnection
    import javax.management.MBeanServerConnection;
    import javax.management.remote.JMXConnector;
    import javax.management.remote.JMXConnectorFactory;
    import javax.management.remote.JMXServiceURL;
    import jdk.management.jfr.RemoteRecordingStream;

    // host and port of the remote JVM's JMX agent ("com.example" is the slide's placeholder)
    String host = "com.example";
    int port = 7091;
    String url = "service:jmx:rmi:///jndi/rmi://" + host + ":" + port + "/jmxrmi";
    JMXServiceURL u = new JMXServiceURL(url);
    JMXConnector c = JMXConnectorFactory.connect(u);
    MBeanServerConnection connection = c.getMBeanServerConnection();
    // RemoteRecordingStream starts a recording in the remote JVM and streams its events here
    try (RemoteRecordingStream stream = new RemoteRecordingStream(connection)) {
        stream.enable("jdk.X509Certificate").withStackTrace();
        stream.onEvent("jdk.X509Certificate", System.out::println);
        stream.start(); // blocks until the stream is closed
    }
  • 30. Stream JFR events actively and within process
    import java.io.IOException;
    import io.micrometer.core.instrument.CompositeMeterRegistry;
    import io.micrometer.core.instrument.Gauge;
    import io.micrometer.core.instrument.Metrics;
    import jdk.jfr.consumer.EventStream;

    CompositeMeterRegistry metricsRegistry = Metrics.globalRegistry;
    // openRepository() reads this JVM's disk repository; events are written there only while a
    // recording is running (for example one started with -XX:StartFlightRecording and jdk.X509Validation enabled)
    try (var es = EventStream.openRepository()) {
        es.onEvent("jdk.X509Validation", recordedEvent -> {
            Gauge.builder("jdk.X509Validation", recordedEvent, e -> e.getLong("validationCounter"))
                 .description("X509 Certificate Validation Counter")
                 .register(metricsRegistry);
        });
        es.start(); // blocks until the stream is closed
    } catch (IOException e) {
        throw new RuntimeException("Couldn't process event", e);
    }
  • 31. Evolving the demo setup
    Run podman compose with TicTacToe in an Oracle Cloud instance: Spring Boot application with JDK 22, Keystore, Configuration volume, Player, Monitoring tool (Prometheus) with its own volume; monitor with JDK tools and Java Management Service.
  • 32. Java Management Service (JMS)
    Oracle Cloud service that helps manage and reduce the total cost of ownership of Java deployments running on-premise (desktop, laptop, server) or in the cloud (OCI and non-OCI clouds).
    • Visibility: discover, manage and patch your Java deployments across the enterprise.
    • Insight: telemetry data from the JVM to analyze configuration, security, performance, compliance, and efficiency.
    • Automation: security analysis, migration analysis, optimizing JVM tuning.
  • 33. Let's play and observe!
  • 34. Stay tuned for more! Inside.java, Dev.java, youtube.com/java
  • 35. Useful links
    • Monitoring Java Application Security with JDK tools and JFR Events: https://dev.java/learn/security/monitor/
    • Stack Walker ep 2 on JFR: https://inside.java/2023/05/14/stackwalker-02/
    • Continuous monitoring with JDK Flight Recorder: https://www.infoq.com/presentations/monitoring-jdk-jfr/
    • Code used during the demo: https://github.com/ammbra/tictactoe
    • OCI Instance installation: https://www.anamihalceanu.com/post/building-a-cloud-compute-instance-with-java-concepts
    • Compose files in OCI: https://docs.oracle.com/en/learn/podman-compose/index.html#confirm-podman-compose-is-working
    • More articles on Java Management Service: https://inside.java/tag/cloud
    • Gunnar Morling's article on custom JFR events: https://www.morling.dev/blog/rest-api-monitoring-with-custom-jdk-flight-recorder-events/
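Slide 30 exports one JFR security event as a Micrometer gauge; the class below is an added example written for this page, not code from the talk or its demo repository, that generalizes the same idea to the three events discussed in the deck. It assumes Micrometer on the classpath, as the slide does, and a scraper such as the Prometheus instance from the demo setup reading the global registry. Two design points differ from the slide: the gauge reads an AtomicLong that every event updates (a gauge registered once with the same name keeps reporting the object it was first bound to), and it uses RecordingStream, which starts its own recording, so the process does not need to be launched with -XX:StartFlightRecording as EventStream.openRepository() requires.

```java
import java.util.concurrent.atomic.AtomicLong;
import io.micrometer.core.instrument.Counter;
import io.micrometer.core.instrument.MeterRegistry;
import io.micrometer.core.instrument.Metrics;
import jdk.jfr.consumer.RecordingStream;

/**
 * Added example: export this JVM's JFR security events as Micrometer metrics
 * so that an external collector can alert on them.
 */
public class JfrSecurityMetrics {

    private final MeterRegistry registry;
    // Gauges read these holders, so the metric always reflects the latest event
    private final AtomicLong lastValidationCounter = new AtomicLong();
    private final AtomicLong propertyChanges = new AtomicLong();

    JfrSecurityMetrics(MeterRegistry registry) {
        this.registry = registry;
        registry.gauge("jdk.x509.validation.counter", lastValidationCounter);
        registry.gauge("jdk.security.property.modifications", propertyChanges);
    }

    /** Starts an in-process recording; the caller keeps the returned stream open for the JVM's lifetime. */
    RecordingStream start() {
        RecordingStream rs = new RecordingStream();
        rs.enable("jdk.TLSHandshake");
        rs.enable("jdk.X509Validation");
        rs.enable("jdk.SecurityPropertyModification");

        // One counter series per protocol version and cipher suite: a non-zero
        // series for a version older than TLSv1.2 is the signal to alert on.
        rs.onEvent("jdk.TLSHandshake", e ->
                Counter.builder("jdk.tls.handshakes")
                        .description("TLS handshakes completed by this JVM")
                        .tag("protocol", e.getString("protocolVersion"))
                        .tag("cipher", e.getString("cipherSuite"))
                        .register(registry)   // returns the existing counter for the same tags
                        .increment());
        rs.onEvent("jdk.X509Validation", e -> lastValidationCounter.set(e.getLong("validationCounter")));
        rs.onEvent("jdk.SecurityPropertyModification", e -> propertyChanges.incrementAndGet());

        rs.startAsync();
        return rs;
    }

    public static void main(String[] args) throws Exception {
        // In an application this object is created once at startup (for example as a Spring bean);
        // here the demo simply keeps the stream open until the JVM exits.
        try (RecordingStream rs = new JfrSecurityMetrics(Metrics.globalRegistry).start()) {
            rs.awaitTermination();
        }
    }
}
```

The cipher suite tag keeps cardinality small because a JVM negotiates only a handful of suites; if the handshake volume is high, drop the tag and keep only the protocol version.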