-
Setup JVMXRay To Monitor Your Java Application Security
JVMXRay is a free, open-source Java agent that gives you runtime visibility into what your application is actually doing — file access, network connections, process execution, class loading — without changing a single line of your code. This guide walks you through cloning, building, and attaching JVMXRay to a Java application in about ten minutes. [More…]
-
Getting Started: Scanning badssl.com With DeepViolet TLS Workbench
DeepViolet TLS Workbench is a free, open-source Java tool that performs deep TLS/SSL analysis of any server. In this walkthrough we will download the CLI scanner from GitHub, point it at badssl.com, and break down what the results tell us about the server’s security posture. What Is badssl.com? badssl.com is a well-known test site maintained [More…]
-
ZAP – Introducing DeepViolet
Article I wrote on the ZAP team’s integration of DeepViolet API.ZAP – Introducing DeepViolet [More…]
-
The JVMXRay Journey: From SecurityManager to Bytecode Injection
Every project has a story, not just the polished version you see on a README, but the real one. The wrong turns, the existential threats, the moments where you wonder if the whole thing is dead. JVMXRay has had all of those moments, and it’s still here. This is the story of how it got [More…]
-
AI Is Writing Code Faster Than Security Can Follow — Runtime Visibility Is the Answer
There is a fundamental shift happening in software development right now, and it is not subtle. AI-assisted coding tools like, GitHub Copilot, Claude Code, Cursor, Windsurf, and others have changed the speed at which code gets written. Features that used to take a team a sprint now land in days. Entire modules materialize from a [More…]