Instrumentation Injection versus API
Instrumentation Injection – the process of embedding (inserting) instructions into a binary post-compile with no programming whatsoever – offers a powerful means of improving application monitoring, application security, and application lifecycle management. There are a number of scenarios where code injection makes a lot of sense - for this post, I'm really focusing only on the injection of application analytics instrumentation.
Injection is not a panacea and it is not always the best approach - but it often IS the best approach - yet, developers often don't warm to injection for a number of legitimate reasons (control and precision being the two most noteworthy), BUT injection offers a number of distinct advantages too:
- No coding frees developers up for more critical activities and reduces the cost of development.
- Static analysis that goes along with injection (before instrumentation can be injected, the target binary must be "analyzed" - it's like finding a vein before the needle goes in) allowing for addition coding requirements to be automated (eliminated) as well - for example, exception monitoring is simplified by auto-generated tri catch logic across java and .NET (and inside existing handler frameworks), the logic to package custom data for transmission is required to transmit non-standard data points, and the linking of analytics libraries into existing binaries all require additional developer time and effort and are eliminated with injection.
- Support for multiple instrumentation patterns across release phases, e.g. beta, production, trial, etc. without having to branch code is really only possible with injection because the decision as to how and where to instrument can be made independently of the code itself,
- The configuration file that determines what gets injected is a standalone artifact that can be preserved as an audit trail for governance and compliance obligations, and
- Since injection patterns can be done independently of each dev. team, standards and conventions around instrumentation can be implemented across applications and development teams – including those published through enterprise marketplaces.
Interested in seeing how injection fits with your instrumentation requirements? The two most widely deployed and trusted application injection platforms areDashO for Java and Dotfuscator for .NET supporting:
Application Analytics: the injection of feature, session, exception, and custom data instrumentation.
Tamper Defense: the injection of tamper detection, real-time defense, and notification services.
Shelf Life: the injection of end-of-life (expiry) logic to gracefully and safely end-of-life deployed applications.