Overview
Explore the power of Java Agents in modifying bytecode at runtime to enhance application security. Learn how Java Agents work, both when configured at startup and when attached to a running process. Discover the underlying Java Agent API and its applications in analyzing and modifying applications. Follow along with a practical example of bytecode modification to protect against Log4J and other vulnerabilities. Gain insights into dynamic and static agent attachment, Runtime Application Self-Protection (RASP), Log4J interpolation, JNDI, and the potential threats posed by malicious JNDI servers. Watch a live demonstration of patching Log4J at runtime and see a vulnerability demo in action. This conference talk provides valuable resources, code examples, and recommended books for Java developers interested in enhancing their understanding of application security and bytecode manipulation.
Syllabus
Intro
java.lang.instrumentation
Dynamically attaching
JBOM Demo
Static attaching
RASPs
Log4J interpolation
What is JNDI
What a malicious JNDI server can do
Patching Log4J at runtime
Vulnerability Demo
Links
Outro
Taught by
GOTO Conferences