Product Security Glossary

Runtime Application Self-Protection

What is RASP? 

RASP stands for Runtime Application Self-Protection.  It’s a technology that allows otherwise insecure web applications to identify and block attacks in real time.  It can help prevent SQL Injection attacks, Cross-Site Scripting attacks, and Zero-Day exploits, among other things. 

Why is RASP Needed? 

Vulnerable web applications are a gold mine for criminals. Vulnerabilities can allow an attacker to steal databases of customers’ credit card information, plant cryptocoin mining malware, join the servers to a botnet, or even take over the entire corporate network. A good RASP system could help prevent these attacks, even when the web applications themselves are vulnerable.

How Does RASP Work? 

A RASP program runs on a server alongside the applications that need to be protected.  When a web application starts, RASP will monitor its behavior, and will protect it from malicious input.  RASP intercepts system calls from the application to the system, and ensures that they’re secure.  It also validates data requests within the app. 

RASP can run in diagnostic mode, which allows suspicious events to take place and then logs them.  In protect mode, RASP actually stops suspicious activity.  Let’s say that RASP is protecting a database application, and it sees what appears to be SQL Injection commands directed at that database app. In protect mode, RASP would prevent those commands from reaching the app. 
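
The two modes, shown as an added example that is not part of the original glossary entry and is not taken from any RASP product: a minimal Python guard that checks whether untrusted input changes the structure of a SQL query just before it reaches the database. The names RaspGuard, skeleton and lookup, and the sample data, are hypothetical.

```python
import re
import sqlite3

# String literal, SQL comment marker, word/number, or any single punctuation mark.
TOKEN = re.compile(r"'(?:[^']|'')*'|--|\w+|[^\s\w]")

def skeleton(sql):
    """Reduce a query to its structure: every literal becomes '?'."""
    return ["?" if t[0] == "'" or t.isdigit() else t.upper()
            for t in TOKEN.findall(sql)]

class RaspGuard:
    """Checks each query just before it reaches the database."""

    def __init__(self, conn, mode="diagnostic"):
        self.conn, self.mode, self.events = conn, mode, []

    def execute(self, sql, untrusted=()):
        for value in untrusted:
            # Simplification: assumes the value occurs in the query only
            # where the application inserted it.
            if (value and value in sql
                    and skeleton(sql) != skeleton(sql.replace(value, "0"))):
                self.events.append((self.mode, sql))   # both modes log
                if self.mode == "protect":             # only protect blocks
                    raise PermissionError("RASP blocked suspicious query")
                break
        return self.conn.execute(sql).fetchall()

def make_db():
    """Constructed sample data for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, card TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "4111-0000"), ("bob", "5500-0000")])
    return conn

def lookup(guard, name):
    """Deliberately vulnerable application code: builds SQL by concatenation."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return guard.execute(sql, untrusted=[name])

if __name__ == "__main__":
    injected = "' OR '1'='1"          # constructed injection-shaped input
    for mode in ("diagnostic", "protect"):
        guard = RaspGuard(make_db(), mode)
        try:
            print(mode, lookup(guard, "alice"), lookup(guard, injected))
        except PermissionError as exc:
            print(mode, "blocked:", exc)
        print(mode, "events logged:", len(guard.events))
```

In diagnostic mode the injected lookup still returns every row and leaves one logged event; in protect mode the same lookup raises before the query runs.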

How can RASP be Implemented? 

There are two ways to implement RASP.  The first way is for application developers to include RASP function calls in the application source code.  This is the better way of doing things, because it allows developers to more precisely define what they want to have protected in the running app. 

The second way is to just take a completed app, and envelop it in a RASP wrapper.  It’s not as precise as the first method, but it is a lot simpler. 

What are the Advantages of RASP? 

Unlike a traditional firewall that can only monitor traffic at the network perimeter, a RASP can monitor what’s going on within the network, as well as what’s going on within the monitored applications.  Even if an attacker has penetrated the network perimeter, RASP can still protect a system with a great degree of accuracy.  Also, RASP data protection mechanisms can make application data unreadable to attackers. 

Are there any Downsides to RASP? 

RASP is great technology, but there are a few downsides.

To begin with, RASP can’t protect against all vulnerabilities. And really, you can’t expect it to.

RASP also can’t fix defects in an application’s code.  If an application’s code is defective without RASP, it will still be defective with RASP.

Finally, RASP can cause a bit of a performance hit. But experts disagree on how big the performance hit actually is.

Summary 

RASP is a great technology that can help protect sensitive systems.  RASP has a few downsides, and therefore should be used together with other security tools to make sure that the application is developed with security by design.