Runtime Application Self-Protection

Runtime Application Self-Protection (RASP) is a technology that embeds security protections (detection, alerting, and mitigation) directly into an application and runs as the application is executed. RASP runs on the server and is touted for its ability to detect and prevent real-time application attacks from within the application itself.

RASP is an automated, self-monitoring technology: it intercepts requests to the app, then analyzes the behavior they trigger and the context of that behavior. If the request is judged legitimate, RASP lets the application execute as usual.

In addition to detection and analysis, RASP can be configured to mitigate threats to the app automatically. The technology can operate in diagnostic mode, in response/self-protection mode (terminating the app itself or sessions on the app), or it can simply trigger an alert to administrators.

With RASP, each application is individually protected (unlike a firewall, which protects the perimeter around the app), and RASP has insight into application logic, configuration, and data and event flows. This means RASP can detect attacks with a high degree of accuracy, reducing the false positives that are often a problem with technologies like firewalls or IDS/IPS.
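The following is an added example, not code from the original article or from any RASP product, of what "inside the application" means in practice. A toy agent wraps the application's own database call and, at execution time, compares the SQL about to run against the parameters of the current request: a parameter confined to a single SQL token (one string literal, one number, one identifier) is treated as benign, while a parameter that spills across token boundaries has changed the query structure, something a perimeter firewall that only sees the HTTP request cannot know. The three operating modes named in the text (diagnostic, alert, protect) decide what happens on a hit. The `Agent` class, `input_breaks_token` tokenizer heuristic, `_MIN_LEN` threshold and the constructed `users` table are all assumptions of this example.

```python
"""Toy RASP-style agent (constructed example, not a real product)."""
import logging
import re
import sqlite3
import threading
from dataclasses import dataclass, field

log = logging.getLogger("rasp")

# One match per SQL token: quoted strings, numbers, words, line comments, punctuation.
_TOKEN = re.compile(r"'(?:[^']|'')*'|\"[^\"]*\"|\d+(?:\.\d+)?|\w+|--[^\n]*|\S")
_MIN_LEN = 4  # heuristic: shorter values collide with ordinary identifiers too often


class BlockedRequest(Exception):
    """Raised in protect mode to terminate the offending request."""


def input_breaks_token(sql, value):
    """True if some occurrence of `value` in `sql` is not contained in one SQL token.

    A comment token never counts as a safe container, because input that lands in a
    comment has already neutralised the rest of the statement.
    """
    if not isinstance(value, str) or len(value) < _MIN_LEN:
        return False
    spans = [(m.start(), m.end(), m.group()) for m in _TOKEN.finditer(sql)]
    start = sql.find(value)
    while start != -1:
        end = start + len(value)
        inside = any(s <= start and end <= e and not t.startswith("--")
                     for s, e, t in spans)
        if not inside:
            return True
        start = sql.find(value, start + 1)
    return False


@dataclass
class Agent:
    mode: str = "protect"  # "diagnostic" | "alert" | "protect"
    events: list = field(default_factory=list)
    _ctx: threading.local = field(default_factory=threading.local, repr=False)

    def begin_request(self, params):
        """Called by request middleware; thread-local so concurrent requests don't mix."""
        self._ctx.params = dict(params)

    def guard(self, execute):
        """Wrap the app's query function so the check runs inside the app, at call time."""
        def wrapped(sql, *args, **kwargs):
            params = getattr(self._ctx, "params", {})
            for name, value in params.items():
                if input_breaks_token(sql, value):
                    self._handle(name, sql)
            return execute(sql, *args, **kwargs)
        return wrapped

    def _handle(self, param, sql):
        event = {"mode": self.mode, "param": param, "sql": sql}
        self.events.append(event)  # recorded in every mode
        if self.mode == "diagnostic":
            log.info("rasp diagnostic: %s", event)
        elif self.mode == "alert":
            log.warning("rasp alert: %s", event)  # stands in for paging an administrator
        elif self.mode == "protect":
            raise BlockedRequest(f"request parameter {param!r} altered query structure")


def demo(mode):
    """Constructed app: SQL built by concatenation (the development flaw RASP does
    not remove), with the agent guarding the database call."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "user"), ("bob", "admin")])
    agent = Agent(mode=mode)
    run = agent.guard(conn.execute)

    def lookup(name):
        agent.begin_request({"name": name})
        rows = run("SELECT name FROM users WHERE name = '" + name + "'").fetchall()
        return [r[0] for r in rows]

    return agent, lookup


if __name__ == "__main__":
    agent, lookup = demo("diagnostic")
    print(lookup("alice"), agent.events)
```

In protect mode a request whose parameter breaks out of its token raises `BlockedRequest` before the query reaches the database; in diagnostic mode the same query runs and only an event is recorded, which is how such an agent is typically tuned before enforcement is switched on. The per-request context is what gives the check its accuracy: the agent is not pattern-matching the raw request, it is observing what the request actually did to the application's own query.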

Despite all of its benefits, RASP cannot protect against vulnerabilities built into an application during the development phase. Because a high percentage of apps are built with flaws, applications protected with RASP could still be vulnerable to attack. In addition, RASP doesn’t fix the problem of secure development, which many in the security industry believe is one of the most important ways to improve data security.

That said, the security of RASP scales with each application, and protection travels with the data when RASP is running in self-protect mode, which makes it a valuable option for organizations concerned about the security of their apps.
