What is RASP?
Runtime Application Self-Protection (RASP) is a security technology that runs inside an application and detects and prevents attacks in real time. Because it executes within the application process, it has full context of application behavior (the request, the code path, and the data reaching sensitive operations) and can take immediate protective action.
How RASP Works
Instrumentation
- Integrates with application
- Monitors execution
- Access to context
Detection
- Analyze requests
- Monitor behavior
- Identify attacks
Protection
- Block attacks
- Sanitize inputs
- Terminate sessions
RASP vs WAF
| RASP | WAF |
|---|---|
| Inside application | Network perimeter |
| Full context | Limited context |
| No signatures needed | Signature-based |
| Language-specific | Protocol-based |
Protection Capabilities
- SQL injection
- Cross-site scripting
- Path traversal
- Remote code execution
- Deserialization attacks
Deployment Modes
- Monitoring: Alert only, no blocking. Good for initial deployment.
- Blocking: Active protection. Stops attacks.
- Self-Healing: Automatic response. Patches vulnerabilities.
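The following is an added example, not code from the page or from any of the vendors it names, showing the three stages above (instrumentation, detection, protection) and the monitoring versus blocking modes in one small Python agent. It assumes a hypothetical application that builds SQL by string concatenation against sqlite3; the `RaspAgent`, `ProtectedConnection` and `find_structural_taint` names are this example's own. Detection uses a simplified lexical-structure check: a request value is only allowed to occupy a single string or number literal in the final query, so any value that spans several SQL tokens or lands in a keyword, identifier or comment has changed the query's structure. No attack signatures are involved, which is the point the RASP vs WAF table makes.

```python
"""Toy RASP agent: taints request parameters and checks them at the SQL sink.

Constructed example. A real agent hooks the database driver through bytecode
instrumentation and tracks taint ranges precisely; this example wraps the
connection object and locates tainted values by substring search instead.
"""
import re
import sqlite3
from dataclasses import dataclass, field

# Minimal SQL lexer: string literals, comments, numbers, identifiers/keywords,
# and any other single character (operators, punctuation, statement separators).
TOKEN_RE = re.compile(r"""
    '(?:[^']|'')*'        # single-quoted string literal ('' is an escaped quote)
  | --[^\n]*              # line comment
  | /\*.*?\*/             # block comment
  | \d+(?:\.\d+)?         # numeric literal
  | [A-Za-z_]\w*          # identifier or keyword
  | \S                    # anything else, one character at a time
""", re.VERBOSE | re.DOTALL)


def is_data_token(tok):
    """Only string and number literals are legitimate places for user data."""
    return tok.startswith("'") or tok[0].isdigit()


def find_structural_taint(query, tainted):
    """Return (value, token) for the first tainted value that escapes a literal:
    it spans more than one token (token is None), or sits in a non-data token.
    Returns None when every tainted value stays inside one data literal."""
    tokens = [(m.start(), m.end(), m.group(0)) for m in TOKEN_RE.finditer(query)]
    for value in tainted:
        if not value:
            continue
        pos = query.find(value)
        while pos != -1:
            end = pos + len(value)
            cover = [t for t in tokens if t[0] <= pos and end <= t[1]]
            if not cover:          # value crosses token boundaries: structure changed
                return value, None
            start, stop, tok = cover[0]
            inside_quotes = tok.startswith("'") and pos > start and end < stop
            if not (inside_quotes or tok[0].isdigit()):
                return value, tok  # keyword, identifier, comment, or the quotes themselves
            pos = query.find(value, pos + 1)
    return None


@dataclass
class RaspAgent:
    mode: str = "block"                      # "monitor": alert only; "block": drop the query
    events: list = field(default_factory=list)
    _tainted: list = field(default_factory=list)

    def taint(self, request_params):
        """Instrumentation point 1: every inbound request value is untrusted."""
        self._tainted = [str(v) for v in request_params.values()]
        return request_params

    def check_sql(self, query):
        """Instrumentation point 2, the SQL sink. True means the query may run."""
        hit = find_structural_taint(query, self._tainted)
        if hit is None:
            return True
        value, tok = hit
        self.events.append({"rule": "sqli", "value": value, "token": tok,
                            "query": query, "action": self.mode})
        return self.mode != "block"


class ProtectedConnection:
    """Routes every execute() through the agent before it reaches the driver."""
    def __init__(self, conn, agent):
        self._conn, self._agent = conn, agent

    def execute(self, query, params=()):
        if not self._agent.check_sql(query):
            raise PermissionError("RASP blocked a SQL injection attempt")
        return self._conn.execute(query, params)


def build_app(mode="block"):
    """Hypothetical app with a deliberately concatenating query, the kind of sink RASP guards."""
    agent = RaspAgent(mode=mode)
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user")])
    db = ProtectedConnection(conn, agent)

    def lookup(params):
        params = agent.taint(params)
        query = f"SELECT name FROM users WHERE name = '{params['name']}'"
        return [row[0] for row in db.execute(query).fetchall()]

    return agent, lookup


if __name__ == "__main__":
    agent, lookup = build_app("monitor")
    print(lookup({"name": "alice"}))               # normal request passes
    print(lookup({"name": "' OR '1'='1"}))         # monitor mode: runs, but records an event
    print(agent.events)
```

In monitoring mode the agent records the event and lets the query through, which is what the page recommends for an initial rollout; switching `mode` to `"block"` makes the same sink raise before the driver sees the query. The numeric case (`WHERE id = 42 OR 1=1`) and a tainted identifier (`FROM users` where the table name came from the request) are caught by the same token check, so the rule generalizes beyond quoted string literals.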
Benefits
- Context-aware protection
- Low false positives
- No signature updates
- Runtime protection
- Compliance support
Considerations
- Performance impact
- Language support
- Integration effort
- Maintenance
- Coverage gaps
Solutions
- Contrast Security
- Imperva RASP
- Sqreen
- Hdiv Security