Runtime application self-protection (RASP) is a radically effective new entrant in the application security space.
Traditional solutions like static application security testing (SAST), dynamic application security testing (DAST), and interactive application security testing (IAST) focus on the development and testing side. Web application firewalls (WAFs) and next-generation web application firewalls built on rulesets and signature lists utilize a black vs. white perimeter approach.
RASP focuses on protecting applications from within, both in production and at runtime. Depending on the nature of the implementation, RASP transforms or blocks malicious or malformed content, database queries, and token activity. A RASP’s coverage, performance, integration and real-time alerting capabilities will also vary depending on deployment.
Proactively surfaces real-time attacks in production, with few false positives
Works with all types of applications, including secondary (third party, legacy, support, etc.)
With RASP, up to 100% of an Application Security Testing (AST) vulnerability backlog will not need immediate remediation. The threat will automatically be neutralized in case of attack in production, allowing for better prioritization of remediation and higher efficiency.
Implementing RASP empowers you to identify potential vs. actual vulnerabilities by collecting all application event data and showing real (not theoretical) attacks in your SIEM, log, WAF, etc.
Push applications into production faster without worrying about vulnerabilities. Use Prevoty during the design/test phase to see what an application will do at runtime (e.g. database calls, file read/write, login/logout, etc.).
Security and Development teams can coordinate even during agile and continuous development. Prevoty also centralizes security administration across multiple application development units.
RASP instantly protects older, perhaps non-compliant legacy applications that do not have active development or dedicated remediation resources. By deploying Prevoty's RASP within legacy applications, organizations can protect even those applications that are not being actively developed.
External protections like IPS and WAF serve as the first line of defense, while RASP waits -- inside the application -- to intercept inputs and analyze how they interact with internal processes. RASP is the last line of defense.
OWASP Top 10: