Author Archives: Rob Kenworthy

The Magic behind Burp and ZAP and other Proxies

If you build web applications and care about security, you have probably used the Burp and ZAP proxy security tools. These tools perform dynamic analysis on live web applications to identify security vulnerabilities. Burp and ZAP can discover issues with your applications as you … Continue reading

Posted in https, proxy, Security, Web | Leave a comment

Practical Byte Code Engineering

Over the past few years, I have written a few blogs about how to use byte code engineering. My first article was a brief overview while others discussed specific case studies.  In hindsight, I think I have overlooked covering the … Continue reading

Posted in Byte Code Engineering | Leave a comment

Instrumenting JBoss with javaagent jars

As the author of Feenix, a class reloading framework, I have recently been investigating how to reload web resources such as JSPs, JSF, and other web resources (images, css, etc). Unlike class reloading, web reloading is unique to each web … Continue reading

Posted in Byte Code Engineering, Developer Tool, JBoss | Leave a comment

JRebel Alternative: Feenix 2.2 beta is ready!

Newcomers to this blog may not know about’s Feenix project, but will almost certainly have heard about JRebel, the class and framework reloading software.’s original class reloading project, Feenix, used the Instrumentation API and was vastly inferior to … Continue reading

Posted in Byte Code Engineering, Developer Tool | Tagged , , , , | Leave a comment

Find JVM Memory Leaks with Instrumentation and PhantomReferences

Over the past year or so there has been quite a lot of attention on finding memory leaks in a JVM. Memory leaks can cause havoc in a JVM. They can be unpredictable and result in costly performance degradation or … Continue reading

Posted in Byte Code Engineering | Leave a comment

Web Security: Interview with an Expert

Most developers probably know a bit about security, but naively think they know enough to keep their apps secure. I don’t like to admit it, but I was in this camp until about a year ago. Unless terms like OWASP, … Continue reading

Posted in web security | Leave a comment

JRebel Unloaded

Introduction Welcome to the second installment of the series on byte code engineering. The first article, an overview of byte code engineering, can be found here. JRebel is indisputably the industry leading class reloading software. It is a useful … Continue reading

Posted in Byte Code Engineering | 11 Comments

jstack and jmap

When diagnosing performance issues, the JDK/bin tools, jstack and jmap, are two key sources of information to discovering what might be causing problems in your JVM(s). Running the jstack utility will cause each thread to dump its stack and jmap … Continue reading

Posted in jdk tools, memory leaks | Tagged , , , , , | Leave a comment

Byte Code Engineering

Introduction This blog entry is the first of a multi-part series of articles discussing the merits of byte code engineering and its application. Byte code engineering encompasses the creation of new byte code in the form of classes and the … Continue reading

Posted in Byte Code Engineering | Tagged , , , , , | Leave a comment