Coined by Gartner in 2012, Runtime Application Self-Protection (RASP) is an emerging security technology that lets organizations stop attackers’ attempts to compromise enterprise applications and data. Built into an application or its runtime environment, RASP technology can control application execution, detect vulnerabilities, and prevent attacks in real time. A RASP solution incorporates security into the running application wherever it resides on a server. Because it runs alongside the application on the server, RASP can detect, block, and mitigate attacks immediately, protecting applications as they run by analyzing both application behavior and context. By using the application to continuously monitor its own behavior, RASP can protect it from data theft, malicious inputs and malicious behavior – without human intervention.
Technologies such as intrusion prevention systems (IPS) and web application firewalls (WAF) are often used for application protection at runtime, but they work in-line, inspecting network traffic and content. Because they analyze traffic and/or user sessions to and from applications, they cannot see how traffic and data are actually processed within the application. Their protective measures often lack the accuracy needed to justify terminating a session, so they consume considerable security-team bandwidth and are typically used for alerts and log collection only. What is needed is a new type of application protection technology – RASP – which resides within the runtime environment of the application it protects.
RASP can address the most serious security challenges involved in protecting web applications and APIs, including:
Fortunately, Runtime Application Self-Protection (RASP) can address many of these concerns.
RASP is a powerful technology that intercepts calls from the application to the underlying system and checks that they are safe before they execute. It validates data requests directly inside the application. It improves overall application security by monitoring inputs and blocking those that could enable attacks, while protecting the runtime environment from unwanted changes and tampering. RASP vendors offer unprecedented visibility and protection, blocking attacks quickly and effectively until the underlying vulnerabilities can be addressed.
Two primary RASP capabilities are:
What makes RASP unique is that it works from inside the software, rather than as a network device. This lets RASP take advantage of all the contextual information available inside the running application or API, including the code itself, framework configuration, application server configuration, libraries and frameworks, runtime data flow, runtime control flow, backend connections, and more. More context means broader protection and better accuracy.
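The interception described above, as an added illustration (not Contrast's code or any vendor's agent): a toy RASP-style hook in Python that wraps the application's own SQL `execute()` function from inside the process. Everything here is constructed for the example: `RequestContext`, `begin_request`, `protect_sql`, `value_spans_multiple_tokens`, the mock `execute()` and the sample queries. The hook checks each query against the values the current request supplied: a value the developer meant as data stays inside exactly one SQL literal, while a value that rewrites the statement spans several tokens. Real agents instrument many more sinks (command execution, file access, deserialization) and use proper parsers; the single-token rule is a simplification of the idea.

```python
"""Toy RASP-style sink hook: a SQL execute() wrapped from inside the process.

Added illustration only; not Contrast's code. The check runs with the
application's own context (the exact query string plus the request values
that fed it), which a network-level WAF cannot see.
"""
import contextvars
import functools
import logging
import re
from dataclasses import dataclass, field

log = logging.getLogger("rasp_demo")


# Per-request context, as a RASP agent would keep it (hypothetical structure).
@dataclass
class RequestContext:
    untrusted: list = field(default_factory=list)  # raw values taken from the request
    events: list = field(default_factory=list)     # detections recorded for operators


_current = contextvars.ContextVar("rasp_request_ctx")


def begin_request(*untrusted_values: str) -> RequestContext:
    """Start a request scope and register which values came from the client."""
    ctx = RequestContext(untrusted=list(untrusted_values))
    _current.set(ctx)
    return ctx


class AttackBlocked(Exception):
    """Raised in block mode instead of letting the dangerous call execute."""


# Small SQL tokenizer, enough for the demo: quoted strings, numbers, words,
# comment delimiters and single punctuation characters.
_TOKEN = re.compile(r"'(?:[^']|'')*'|\d+|\w+|--|/\*|\*/|[^\s\w]")


def value_spans_multiple_tokens(query: str, value: str) -> bool:
    """True when an untrusted value is not confined to a single SQL token.

    Data lands inside exactly one literal (e.g. 'alice'); a value that rewrites
    the statement ("' OR '1'='1") covers several tokens. Comparing the request
    value against the real query string is the in-process (RASP) advantage.
    """
    start = query.find(value)
    if start < 0:
        return False  # value did not reach this sink unchanged
    end = start + len(value)
    covering = [m for m in _TOKEN.finditer(query) if m.start() < end and m.end() > start]
    return len(covering) != 1


def protect_sql(block: bool = True):
    """Decorator factory: wrap the app's own execute() with an in-process check.

    block=True stops the call (protection); block=False only records the event
    (monitoring), which is how an agent is typically run before enforcement.
    """
    def decorator(execute):
        @functools.wraps(execute)
        def guarded(query: str, *args, **kwargs):
            ctx = _current.get(None)
            if ctx is not None:
                for value in ctx.untrusted:
                    if value and value_spans_multiple_tokens(query, value):
                        ctx.events.append({"rule": "sqli-structure", "value": value, "query": query})
                        log.warning("SQL structure altered by request value %r", value)
                        if block:
                            raise AttackBlocked("untrusted input changed SQL structure")
            return execute(query, *args, **kwargs)
        return guarded
    return decorator


# ---- the "application" being protected (constructed for the demo) ----
EXECUTED: list = []  # stands in for the database


@protect_sql(block=True)
def execute(query: str) -> str:
    EXECUTED.append(query)
    return f"rows for: {query}"


def lookup_user(name: str) -> str:
    # Deliberately naive string building; the runtime hook compensates.
    return execute(f"SELECT * FROM users WHERE name = '{name}'")


def demo() -> dict:
    """Run one benign and one hostile request through the instrumented sink."""
    out = {}
    begin_request("alice")
    out["benign_ok"] = lookup_user("alice").startswith("rows for")
    ctx = begin_request("' OR '1'='1")
    try:
        lookup_user("' OR '1'='1")
        out["attack_blocked"] = False
    except AttackBlocked:
        out["attack_blocked"] = True
    out["events"] = len(ctx.events)
    out["hostile_query_executed"] = any("OR '1'='1'" in q for q in EXECUTED)
    return out


if __name__ == "__main__":
    print(demo())
```

The request context is carried in a `contextvars.ContextVar` rather than passed as an argument, mirroring how an agent attaches request data to the executing thread or task so that any sink deep in the call stack can consult it. Switching the decorator to `block=False` turns the same hook into the monitoring mode described later on this page: the event is logged and the query proceeds.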
1. RASP delivers lower CapEx and OpEx:
2. RASP accuracy means more protected applications:
Protecting applications from attacks has historically meant attempting to block them at the network level. But legacy approaches are inherently inaccurate when it comes to understanding application behavior, because they sit outside the application itself. Network-based application security products also generate too many false positives and require constant tuning. Over the last 25 years, network protection has moved steadily closer to the application – from the firewall, to the intrusion prevention system, to the WAF. With RASP, security has moved inside the application.
3. RASP is cloud and DevOps-ready:
4. RASP delivers unprecedented application monitoring:
5. RASP is excellent at providing visibility into application layer attacks:
Because RASP isn't a hardware box, it can be deployed easily in all environments, including development and testing. RASP provides instant visibility into application attacks and stops them quickly. The result: applications that can defend themselves against attacks in real time.
Application security has long been split between development, where testing is crucial, and operations, where protection is paramount. Contrast Protect (with RASP) uses deep security instrumentation to gain insight into exactly how attacks behave, automatically weaving visibility and protection directly into applications, without requiring any application changes. Contrast Protect doesn’t need to “learn” applications – instead it becomes part of them. And, unlike other runtime application self-protection solutions, Contrast does not require any changes to applications or the runtime environment.
Contrast Security is the world’s leading provider of security technology that enables software applications to protect themselves against cyberattacks, heralding the new era of self-protecting software. Contrast's patented deep security instrumentation is the breakthrough technology that enables highly accurate assessment and always-on protection of an entire application portfolio, without disruptive scanning or expensive security experts. Only Contrast has sensors that work actively inside applications to uncover vulnerabilities, prevent data breaches, and secure the entire enterprise from development, to operations, to production.