What is Runtime Application Self-Protection (RASP)?
RASP is a technology that runs on a server and kicks in when an application runs. It is designed to detect attacks on an application in real time. When an application begins to run, RASP can protect it from malicious input or behavior by analyzing both the app’s behavior and the context of that behavior. Because the app continuously monitors its own behavior, attacks can be identified and mitigated immediately, without human intervention.
RASP incorporates security into a running application wherever it resides on a server. It intercepts all calls from the app to the underlying system, making sure they are secure, and validates data requests directly inside the app. Both web and non-web apps can be protected by RASP. The technology does not affect the design of the app, because RASP’s detection and protection features operate on the server the app is running on.
How RASP works
When a security event in an app occurs, RASP takes control of the app and addresses the problem. In diagnostic mode, RASP will just sound an alarm that something is amiss. In protection mode, it will try to stop it. For example, it could stop the execution of instructions to a database that appear to be a SQL injection attack.
Other actions RASP could take include terminating a user’s session, stopping an application’s execution, or alerting the user or security personnel.
Developers can implement RASP in a couple of ways. They can access the technology through function calls included in an app’s source code, or they can take a completed app and put it in a wrapper that allows the app to be secured with a single button push. The first approach is more precise, because developers can make specific decisions about what they want protected in the app, such as logins, database queries, and administrative functions.
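The following is an added example, not code from the original article or from any RASP product, that puts together the two ideas above: a diagnostic mode that only reports versus a protection mode that blocks, and the two integration styles (explicit hooks in the app’s source code versus a wrapper around an existing component). It uses a miniature, hypothetical hook for database calls: the hook is given the request’s untrusted inputs as context and flags a query whenever one of those values was spliced verbatim into the SQL text and carries characters that change the statement’s structure, which is the classic SQL injection shape. The Rasp, GuardedCursor, and demo names, the heuristic, and the sample request are all assumptions made for the example; the database is an in-memory SQLite table built inline.

```python
# Added example: a miniature RASP-style hook for SQL queries (hypothetical code,
# not from any RASP product). Standard library only, runs offline.
import logging
import re
import sqlite3
from enum import Enum
from functools import wraps

log = logging.getLogger("rasp")


class Mode(Enum):
    DIAGNOSTIC = "diagnostic"  # only report the event
    PROTECTION = "protection"  # report the event and refuse the call


class RaspBlocked(Exception):
    """Raised in protection mode when a call is refused."""


# Characters and keywords that alter SQL structure when they arrive inside a value.
_STRUCTURAL = re.compile(r"['\";]|--|/\*|\b(?:or|and|union|select|drop)\b", re.IGNORECASE)


class Rasp:
    def __init__(self, mode=Mode.DIAGNOSTIC):
        self.mode = mode
        self.events = []  # (kind, detail) records kept for audit and for the tests

    def _report(self, kind, detail):
        self.events.append((kind, detail))
        log.warning("RASP %s: %s", kind, detail)
        if self.mode is Mode.PROTECTION:
            raise RaspBlocked(f"{kind}: {detail}")

    def inspect_sql(self, sql, untrusted):
        """Context check: an untrusted request value that was spliced into the SQL
        text (instead of being bound as a parameter) and carries structural tokens."""
        for name, value in untrusted.items():
            if len(value) >= 3 and value in sql and _STRUCTURAL.search(value):
                self._report("sqli", f"input {name!r} altered query: {sql}")
                return False  # reached only in diagnostic mode
        return True

    def guard(self, func):
        """Source-code integration: the developer decorates the app's own query
        function and passes the request's untrusted inputs explicitly."""
        @wraps(func)
        def wrapper(sql, params=(), *, untrusted=None):
            self.inspect_sql(sql, untrusted or {})
            return func(sql, params, untrusted=untrusted)
        return wrapper


class GuardedCursor:
    """Wrapper integration: intercepts cursor.execute() without touching app code.
    `context` is a callable that returns the current request's untrusted inputs."""

    def __init__(self, cursor, rasp, context):
        self._cursor, self._rasp, self._context = cursor, rasp, context

    def execute(self, sql, params=()):
        self._rasp.inspect_sql(sql, self._context())
        return self._cursor.execute(sql, params)

    def __getattr__(self, name):
        return getattr(self._cursor, name)  # everything else passes straight through


def demo(mode):
    """Run one safe (parameterized) query and one spliced query through both
    integration styles; returns the results and the events RASP recorded."""
    rasp = Rasp(mode)
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(name TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'admin'), ('bob', 'user')")

    # Constructed request context, as a web framework would expose it.
    request = {"username": "x' OR '1'='1"}

    @rasp.guard  # 1) source-code approach
    def run_query(sql, params=(), *, untrusted=None):
        return conn.execute(sql, params).fetchall()

    cur = GuardedCursor(conn.cursor(), rasp, lambda: request)  # 2) wrapper approach

    safe_sql = "SELECT name FROM users WHERE name = ?"
    unsafe_sql = "SELECT name FROM users WHERE name = '%s'" % request["username"]
    results = {"safe": run_query(safe_sql, (request["username"],), untrusted=request)}
    try:
        results["unsafe"] = run_query(unsafe_sql, untrusted=request)
    except RaspBlocked:
        results["unsafe"] = "blocked"
    try:
        results["wrapped"] = cur.execute(unsafe_sql).fetchall()
    except RaspBlocked:
        results["wrapped"] = "blocked"
    return results, rasp.events


if __name__ == "__main__":
    for mode in Mode:
        print(mode.value, demo(mode))
```

In diagnostic mode the spliced query still runs and returns every row, but two warnings are recorded; in protection mode the same two calls are refused before they reach the database, while the parameterized query passes untouched in both modes. The decorator gives the developer the precise, per-call control the article describes, whereas the cursor wrapper secures a component the developer never edited, at the cost of needing some way to learn the request context.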
Whichever method is used with RASP, the end result is like bundling a web application firewall with the application’s runtime context. That close connection to the app means RASP can be more finely tuned to the app’s security needs.