Friday 8 September 2017

Runtime Application Self Protection, your applications self defense

Runtime application self-protection (RASP) is a security technology built into an application that can detect and then prevent attacks on that application in real time. It gives the application self-protection without human intervention: when a threat or attack is detected, RASP responds and reconfigures itself automatically rather than waiting for an operator.

RASP makes the program monitor itself and detect malicious input and behavior at runtime, i.e. while the application is executing. This is a paradigm shift from security only at the network perimeter to self-defense by the application itself. It is achieved by analyzing both the application's behavior and the context of that behavior in real time, providing continuous security analysis that responds immediately when an attack is identified.

How it works

A RASP agent sits in the runtime environment and monitors application program flow in real time. It uses contextual insight to identify, validate and stop attacks in production applications. This detailed view into the actions of the system – including insight into application logic, configuration, data and event flows – improves accuracy and minimizes false positives. In addition, RASP can be applied to both web and non-web applications without changing the application design.

An example of a condition that could trigger a RASP response is the execution of instructions that access a database (which might be a SQL injection exploit in progress). The technology can run either in diagnostic mode, where it simply sounds an alarm about the attack, or in self-protection mode, where it stops the potentially malicious execution.

Web application firewalls (WAFs) also inspect traffic and content and decide whether to terminate sessions, but a RASP can additionally see how that traffic is processed by the application. Where a WAF puts up a wall in front of the application, RASP protects the application from the inside out. When a client makes a function call containing malicious data that might harm the web application, RASP intercepts the call at runtime and logs or blocks the call, depending on the configuration. This method of protecting a web application differs fundamentally from a WAF.
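The following is an added example, not code from the original post or from any RASP product, illustrating the two ideas above: an agent that intercepts database calls at runtime and either sounds an alarm (diagnostic mode) or stops the call (self-protection mode), and the contextual insight a WAF lacks, namely seeing whether a request value was bound as a parameter or spliced into the statement text. It assumes the application reaches sqlite3 only through the `GuardedConnection` wrapper and hands the raw request values to `RaspAgent.begin_request`; the signatures, the sample table and the payload are constructed for the demo.

```python
"""Constructed example: a minimal RASP-style guard around sqlite3 (not a real product)."""
import logging
import re
import sqlite3
from dataclasses import dataclass, field

log = logging.getLogger("rasp")


class RaspBlocked(Exception):
    """Raised in protect mode when the agent stops a call."""


# Constructed signatures for injection shapes in the *statement text*.
# Values passed as bound parameters never become statement text, so they
# are never matched: that is the context a WAF in front of the app lacks.
SIGNATURES = [
    ("tautology", re.compile(r"\bor\s+('?)(\w+)\1\s*=\s*\1\2\1", re.I)),
    ("stacked-statement", re.compile(r";\s*(drop|delete|update|insert|alter)\b", re.I)),
    ("comment-truncation", re.compile(r"--|/\*")),
]


@dataclass
class RaspAgent:
    mode: str = "protect"                            # "diagnostic" logs only; "protect" blocks
    untrusted: list = field(default_factory=list)    # raw values of the current request
    events: list = field(default_factory=list)       # what the agent saw, for the SOC

    def begin_request(self, *values: str) -> None:
        """Remember raw request values to recognise one spliced into a statement
        (a simplified taint check; short values are skipped to limit noise)."""
        self.untrusted = [v for v in values if len(v) >= 4]

    def check_sql(self, sql: str) -> dict:
        """Signatures matched in the statement text, plus which request values it contains."""
        return {
            "signatures": [name for name, rx in SIGNATURES if rx.search(sql)],
            "tainted": [v for v in self.untrusted if v in sql],
        }

    def enforce(self, sql: str) -> bool:
        """Diagnostic mode: record and allow. Protect mode: record and raise."""
        finding = self.check_sql(sql)
        if not finding["signatures"]:
            return True
        self.events.append({"mode": self.mode, "sql": sql, **finding})
        log.warning("RASP %s: %s carried by %s in %r",
                    self.mode, finding["signatures"], finding["tainted"], sql)
        if self.mode == "protect":
            raise RaspBlocked(finding)
        return False


class GuardedConnection:
    """Every statement the application runs passes through the agent first."""

    def __init__(self, conn: sqlite3.Connection, agent: RaspAgent):
        self._conn, self._agent = conn, agent

    def execute(self, sql: str, params=()):
        self._agent.enforce(sql)
        return self._conn.execute(sql, params)


def demo(mode: str) -> dict:
    """One request with a constructed payload, sent through a parameterised query
    and then through a legacy concatenated query; returns what happened."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "user"), ("bob", "admin")])
    agent = RaspAgent(mode=mode)
    db = GuardedConnection(conn, agent)

    payload = "' OR '1'='1"                # constructed request value
    agent.begin_request(payload)

    # Bound parameter: the payload stays data, the statement text is unchanged, no alarm.
    safe_rows = db.execute("SELECT name FROM users WHERE name = ?", (payload,)).fetchall()

    # Concatenation: the payload becomes part of the statement and the agent sees it.
    try:
        unsafe_rows = db.execute(
            "SELECT name FROM users WHERE name = '" + payload + "'").fetchall()
        blocked = False
    except RaspBlocked:
        unsafe_rows, blocked = [], True

    return {"safe_rows": len(safe_rows), "unsafe_rows": len(unsafe_rows),
            "blocked": blocked, "events": len(agent.events)}


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print("diagnostic:", demo("diagnostic"))   # alarm only; the tautology still returns 2 rows
    print("protect:", demo("protect"))         # call stopped before the database runs it
```

In diagnostic mode the event is recorded and the concatenated query still runs, returning every user, which is exactly the evidence an operator wants before switching the agent to protect mode; in protect mode the same call is stopped and the application sees an exception instead of leaked rows. The design choice worth noting is that the decision is made on the statement the application actually built, so a payload that arrives as a bound parameter never trips the agent, whereas a WAF inspecting the request alone would have to treat both paths identically.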