Runtime Application Self Protection (RASP)
RASP is a Runtime Application Self Protection technology tool that runs on a server and triggered in when an application runs. RASP is designed to detect attacks on an application in the real time. It can protect app from malicious attack and analyze app’s behavior and the context of that behavior. By monitoring real-time traffic behavior, attacks can be identified and mitigated immediately without human intervention.
RASP added security into a running application. It captures all calls from the app to a system, making sure data is secure. Web and non-web apps can be secured by RASP. It doesn’t affect the design of the app because RASP detection and protection features operate on the server in real time.
Two primary RASP Capabilities are:
- Application protection
- Application threat intelligence
Features of Runtime Application Self Protection :
Below are some of the attributes of a good and preferable RASP solution:
- Memory-based Attack Protection.
- Zero Day Attack Protection.
- Real time Attack Blocking.
- Should not introduce vulnerabilities.
- Maintain distance from PII of users.
- Should not learn the bad stuff.
- Minimal headache in deployment.
How Runtime Application Self Protection works?
When a risk in an app occurred, RASP takes control of the app and addresses the problem. In diagnostic mode, RASP will just trigger an alarm for a attack. In protection mode, RASP will try to stop attacks. RASP terminating a user’s session, stopping an application’s execution or alerting the user about attack. Developers can implement RASP in various way: –
Operating Modes:
Self-protection mode: This mode stops the execution of request in run-time environment, attacks that trigger actual vulnerabilities in the code.
Monitoring mode: Monitoring mode will only report the vulnerability details to a dashboard.
Key Benefits of a RASP
- Dramatic false positive reduction.
- Strong protection, including zero-days.
- Easy maintenance.
- Adaptability to new standards.
- Cloud support.
- DevSecOps support.
- RASP delivers lower CapEx and OpEx.
- RASP accuracy means more protected applications.
- RASP is cloud and DevOps-ready.
- RASP delivers unprecedented application monitoring.
- Abruptly end a user session.
- Shut down the application or system.
- Flag admins and security personnel of the uneven event.
- Send warnings to system users.
Downsides of RASP
- Real attacks are difficult to identify.
- In RASP applications (particularly APIs) use complex formats like JSON, XML, serialized objects, and custom binary formats.
RASP Security Tools Vendors List
Below are some of the key vendors selling RASP security solutions –
- Imperva Real-time Application Self Protection (RASP)
- Micro Focus Fortify Application Defender
- JSDefender – App Protection for JavaScript
- Sqreen RASP
- Contrast Protect (RASP)
- Hdiv Protection (RASP)
- IMMUNIO
- K2 Security Platform
- KyberSecurity Application Protection
- Templarbit Shield
- Waratek Enterprise
- Waratek Secure
- Fortify Application Defender
- Veracode Runtime Protection
- Prevoty Application monitoring and protection
Why RASP Security Is Important
RASP is important because it brings in the concept of blocking and tackling security related attacks down into the application layer, which for many years has been one of those unclear areas that security and development sides have been unassured how to address.
What does RASP protect against?
Attacks
- Clickjacking
- HTTP Response Splitting
- HTTP Method Tampering
- Large Requests
- Malformed Content Types
- Path Traversal
- Invalidated Redirects
Injections
- Command Injection
- Cross-Site Scripting
- Cross-Site Request Forgery
- CSS & HTML Injection
- Database Access Violation
- JSON & XML Injection
- OGNL Injection
- SQL Injection
Weaknesses
- Insecure Cookies & Transport
- Logging Sensitive Information
- Unauthorized Network Activity
- Uncaught Exceptions
- Vulnerable Dependencies
- Weak Authentication
- Weak Browser Caching
- Weak Cryptography
RASP Attack Detection
RASP solution is built into the application runtime environment and is capable of detecting and preventing attacks in the real time including protection against zero-day attacks. It does not require any tuning and provides highly-accurate out-of-the-box detection.
Related – WAF vs RASP
Conclusion
Runtime Application Self-Protection (RASP) is a security tool that combines with application and it executes in the runtime environment during execution it constantly captures traffic to check their security, permitting safe traffic and blocking malicious traffic that could indicate an attack.
ABOUT THE AUTHOR
I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”
I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.
I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)
