Hero background

Engineering Blog: Application security

Tutorials, tips and resources for engineers on cloud technologies and observability

Background wave overlay
NGINX vulnerability IngressNightmare

NGINX vulnerability: Quickly detect and mitigate IngressNightmare vulnerabilities with Dynatrace

Quickly find and mitigate the IngressNightmare vulnerabilities affecting Kubernetes clusters with Dynatrace.

By Thomas Fellinger -
Read now

Observability as Code: DIY with Crossplane

Observability as Code: DIY with Crossplane

By Joan Luque -
Read now

Extension management made simple with the new Dynatrace Extensions

Simplified extension management with Dynatrace Extensions

By Jakub Lendzinski -
Read now
Application security
NGINX vulnerability IngressNightmare

NGINX vulnerability: Quickly detect and mitigate IngressNightmare vulnerabilities with Dynatrace

Quickly find and mitigate the IngressNightmare vulnerabilities affecting Kubernetes clusters with Dynatrace.

By Thomas Fellinger -
Read now

VMware Security Advisory VMSA-2025-0004: Quickly find, remediate, and automate

VMSA-2025-0004 contains three vulnerabilities in VMware ESXi. Quickly find affected systems and automate remediation using Dynatrace.

By Ondrej Ilcik -
Read now
Apache Struts CVE-2024-53677; regreSSHion vulnerability

Hidden indicators: Tracing the emergence of Apache Struts CVE-2024-53677

Apache Struts CVE-2024-53677 introduces risk to the file upload mechanism. We identified early indicators to mitigate its impact.

By Farooq Shaikh -
Read now
NGINX vulnerability IngressNightmare

The anatomy of broken Apache Struts 2: A technical deep dive into CVE-2024-53677

Broken Apache Struts 2: Technical Deep Dive into CVE-2024-53677

By Anis Bouchekhima -
Read now

Generate security events from Dynatrace Security Investigator via OpenPipeline

Detect threats like DNS tunneling with custom Dynatrace security events.

By Tiit Hallas -
Read now
Apache Struts CVE-2024-53677; regreSSHion vulnerability

RegreSSHion vulnerability: Detecting CVE-2024-6387 in OpenSSH

The Qualys Threat Research Unit (TRU) discovered a Remote Unauthenticated Code Execution (RCE) vulnerability.

By Tiit Hallas -
Read now
security incident response with Dynatrace Automation Engine and Tetragon

Context-aware security incident response with Dynatrace Automations and Tetragon

This blog post demonstrates how to use Dynatrace Automations to build a runbook that combats sophisticated security incidents using honeytokens.

By Mario Kahlhofer -
Read now
TTP-based threat hunting with Dynatrace Grail and Falco for Security Analytics

TTP-based threat hunting with Dynatrace Security Analytics and Falco Alerts solves alert noise

Uncover advanced threat detection strategies using Dynatrace Security Analytics and Falco Alerts, proactively safeguarding your environment.

By Mario Kahlhofer -
Read now

Log forensics: Finding malicious activity in multicloud environments with Dynatrace Grail

Detect and investigate malicious activity using Dynatrace Grail, enhancing security posture across multicloud environments.

By Liisa Tallinn -
Read now
System Security Specialist Working at System Control Center evaluates synthetic monitoring vs. real user monitoring, zero-day attacks, vulnerability management, cybersecurity awareness month, cybersecurity best practices, Apache Commons Text vulnerability

New high severity vulnerability, CVE-2022-42889, in Apache Commons Text discovered

Details on a critical vulnerability (CVE-2022-42889) and its impact, emphasizing the need for timely patching and security measures.

By Robin Wyss -
Read now
Spring4Shell, Java Spring Framework

Spring4Shell: Detect and mitigate new zero-day vulnerabilities in the Java Spring Framework

Gain insights into mitigating Spring4Shell vulnerabilities in the Java Spring Framework, safeguarding applications from potential threats.

By Daniel Kaar -
Read now