RASP: A Different Approach

Runtime application self-protection (RASP) is a radically effective new entrant in the application security space.

Traditional solutions like static application security testing (SAST), dynamic application security testing (DAST), and interactive application security testing (IAST) focus on the development and testing side. Web application firewalls (WAFs) and next-generation WAFs built on rulesets and signature lists take a black-vs-white (blocklist versus allowlist) approach at the perimeter.

RASP focuses on protecting applications from within, both in production and at runtime. Depending on the nature of the implementation, RASP transforms or blocks malicious or malformed content, database queries, and token activity. A RASP’s coverage, performance, integration and real-time alerting capabilities will also vary depending on deployment.

Unique Capabilities of RASP

RASP solutions are tightly coupled with the application code constructs that are susceptible to exploitation. Instead of blindly guessing whether a particular payload will (or will not) exploit the code, RASP inspects the complete (and often transformed) data in the context of how the application will actually use it.
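The following is an added illustration of the sink-side, context-aware check described above; it is example code written for this page, not Prevoty's product or any part of its implementation. It models a RASP hook on the database-execution sink: the query the application is about to run is tokenized and its structure compared with the structure the same template has when the user-controlled slot holds a harmless literal. Input that adds keywords, operators or comments has changed the query's structure and is blocked; input that merely contains a suspicious-looking word (such as a search term containing "or") is allowed, where a payload-only keyword signature would have flagged it. The table, rows, query templates and the small tokenizer are all constructed for the example; a full parser (the LANGSEC approach the page refers to later) would replace the regex tokenizer in a real deployment.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory schema and rows for the example (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products (id, name) VALUES (?, ?)",
                     [(1, "coffee or tea"), (2, "espresso"), (3, "matcha")])
    conn.commit()
    return conn


# Minimal SQL tokenizer: each match yields (kind, text). It is enough for the
# structure comparison below; a production RASP would use a full grammar-based parser.
_TOKEN_RE = re.compile(r"""
    (?P<string>'(?:[^']|'')*')       |  # single-quoted literal, '' is an escaped quote
    (?P<number>\d+(?:\.\d+)?)        |  # numeric literal
    (?P<comment>--[^\n]*|/\*.*?\*/)  |  # SQL comments
    (?P<word>[A-Za-z_][A-Za-z0-9_]*) |  # keywords and identifiers
    (?P<op>[<>=!]=|[<>=*,;()%+\-/])  |  # operators and punctuation
    (?P<ws>\s+)                      |  # whitespace, discarded
    (?P<other>.)                        # anything else, e.g. a dangling quote
""", re.VERBOSE | re.DOTALL)


def tokenize(sql):
    tokens = []
    for m in _TOKEN_RE.finditer(sql):
        kind = m.lastgroup
        if kind == "ws":
            continue
        text = m.group().upper() if kind == "word" else m.group()
        tokens.append((kind, text))
    return tokens


def structure(tokens):
    """Shape of a query: keywords/identifiers by name, literals reduced to their kind."""
    return [text if kind == "word" else kind for kind, text in tokens]


class InjectionBlocked(Exception):
    pass


def guarded_execute(conn, template, user_value, marker="x"):
    """Sink-side check: block the query if the user-controlled slot changed its structure.

    `template` is the application's own (unsafe) string-building pattern; `marker` is a
    harmless literal of the kind the slot expects ("x" for a quoted string, "0" for a number).
    """
    expected = structure(tokenize(template.format(marker)))
    actual_sql = template.format(user_value)
    if structure(tokenize(actual_sql)) != expected:
        raise InjectionBlocked(f"query structure changed by input {user_value!r}")
    return conn.execute(actual_sql).fetchall()


def signature_filter_flags(user_value):
    """Payload-only keyword signature, shown for contrast with the context-aware check."""
    return re.search(r"\b(or|union|select|drop)\b|--", user_value, re.IGNORECASE) is not None


def demo():
    conn = make_db()
    by_name = "SELECT id, name FROM products WHERE name = '{}'"
    by_id = "SELECT id, name FROM products WHERE id = {}"
    results = {}
    # 1. Benign search term: structure unchanged, so the sink check allows it,
    #    while the keyword signature wrongly flags the word "or".
    results["benign_or"] = (guarded_execute(conn, by_name, "coffee or tea"),
                            signature_filter_flags("coffee or tea"))
    # 2. Tautology in a string context adds keyword, operator and comment tokens: blocked.
    try:
        guarded_execute(conn, by_name, "' OR 1=1 --")
        results["string_injection"] = "allowed"
    except InjectionBlocked:
        results["string_injection"] = "blocked"
    # 3. Numeric context: a bare number keeps the structure; extra tokens do not.
    results["numeric_ok"] = guarded_execute(conn, by_id, "2", marker="0")
    try:
        guarded_execute(conn, by_id, "2 OR 1=1", marker="0")
        results["numeric_injection"] = "allowed"
    except InjectionBlocked:
        results["numeric_injection"] = "blocked"
    return results


if __name__ == "__main__":
    print(demo())
```

The design point is that the decision is made where the data is used, with the complete query in hand, rather than at the perimeter from the payload alone: the same bytes are harmless in one slot and structure-changing in another, and only the sink can tell the difference.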

Gartner defines RASP as:

“A security technology built or linked into an application runtime environment to control execution and prevent real time attacks.”

RASP features

Context-sensitive protection & visibility

Proactively surfaces real-time attacks in production, with few false positives

Broad compatibility

Works with all types of applications, including secondary ones (third party, legacy, support, etc.)

Improved vulnerability remediation

Mitigate vulnerabilities by neutralizing threats at runtime -- without needing to alter source code

Enhanced compliance

Dramatically lower your application's risk from code injection attacks like XSS, CSRF and SQLi

RASP in production environments

Reducing the Vulnerability Backlog

With RASP, up to 100% of an Application Security Testing (AST) vulnerability backlog will not need immediate remediation. If a vulnerability is attacked in production, the threat is neutralized automatically, which allows for better prioritization of remediation and higher efficiency.

Real-Time Visibility into Attacks

Implementing RASP empowers you to distinguish potential from actual vulnerabilities by collecting all application event data and showing real (not theoretical) attacks in your SIEM, logs, WAF, etc.

Support a Faster Application Release Cycle

Push applications into production faster without worrying about vulnerabilities. Use Prevoty during the design/test phase to see what an application will do at runtime (e.g. database calls, file read/write, login/logout, etc.).

Bridge the DevSecOps Gap

Security and Development teams can coordinate even during agile and continuous development. Prevoty also centralizes security administration across multiple application development units.

Protect Legacy Applications

RASP instantly protects older, perhaps non-compliant legacy applications that do not have active development or dedicated remediation resources. By deploying Prevoty's RASP within legacy applications, organizations can protect even those applications that are not being actively developed.

Layered Defense

External protections like IPS and WAF serve as the first line of defense, while RASP waits -- inside the application -- to intercept inputs and analyze how they interact with internal processes. RASP is the last line of defense.

Optimize the SSDLC / DevOps

RASP plugins and SDKs can be an effective part of a proactive secure coding training program.

Reduce Risk & Increase Compliance

With runtime protection, PCI compliance becomes fast to achieve, accurate, and simple to maintain.

Prevoty has developed a high-performance RASP solution based on the LANGSEC methodology.

It supports applications at any stage of development: new potential releases, existing deployments, third-party and legacy applications.

By automatically neutralizing actual cross-site scripting (XSS), SQL injection (SQLi), and cross-site request forgery (CSRF) attacks, applications can now self-defend against 95% of gateway attacks.

Read the Prevoty RASP guide

Common application threats Prevoty protects against:

OWASP Top 10:

  1. Injection
  2. Broken Authentication & Session Management
  3. Cross-Site Scripting (XSS)
  4. Insecure Direct Object References
  5. Security Misconfiguration
  6. Sensitive Data Exposure
  7. Missing Function Level Access Control
  8. Cross-Site Request Forgery (CSRF)
  9. Using Components with Known Vulnerabilities
  10. Unvalidated Redirects and Forwards

Read our guide to runtime application self-protection (RASP) if you’re curious to learn more about:

  • RASP Evaluation Criteria / things to look for in a RASP Solution
  • Maintaining and controlling a deployed RASP Solution
  • How RASP interacts with WAFs, SIEMs, DAST, and Cloud Providers