// THREAT DETECTION AND DATA PRIVACY TERM
RASP
RASP, which stands for Runtime Application Self-Protection, is a security technology that runs inside an application and protects it from cyberattacks in real time. It actively monitors the application's behavior and blocks malicious inputs as they occur.
TECHNICAL DEFINITION
RASP is a cybersecurity technology integrated directly within an application's runtime environment. It provides real-time, context-aware protection by monitoring execution flow, data, and user input to detect and block attacks such as SQL injection, XSS, and exploitation of deserialization vulnerabilities, without relying on network-based proxies or external appliances.
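The definition above, illustrated with a small in-process check at a SQL sink. This is an added example, not code from any RASP product: `request_inputs`, `GuardedConnection`, `input_alters_structure` and `find_user` are hypothetical names, the lexer is deliberately minimal, and the sample inputs are constructed.

```python
import re
import sqlite3
from contextvars import ContextVar

# Inputs seen on the current request. A real agent fills this from a framework hook.
request_inputs = ContextVar("request_inputs", default=())

class BlockedQuery(Exception):
    """Raised instead of running a query whose structure was changed by input."""
# Minimal SQL lexer: string literal, line comment, number, word, or one symbol.
TOKEN = re.compile(r"'(?:[^']|'')*'|--[^\n]*|\d+(?:\.\d+)?|\w+|\S")

def input_alters_structure(sql, value):
    """True if `value` occurs in `sql` and is not confined to a single token."""
    if len(value) < 2:          # too short to attribute reliably
        return False
    tokens = [m.span() for m in TOKEN.finditer(sql)]
    start = sql.find(value)
    while start != -1:
        end = start + len(value)
        if not any(s <= start and end <= e for s, e in tokens):
            return True         # input crossed a token boundary: it became SQL syntax
        start = sql.find(value, start + 1)
    return False

class GuardedConnection(sqlite3.Connection):
    """sqlite3 connection whose execute() sink is checked before the query runs."""
    def execute(self, sql, params=()):
        for value in request_inputs.get():
            if input_alters_structure(sql, value):
                raise BlockedQuery(f"request input changes query structure: {value!r}")
        return super().execute(sql, params)

def find_user(db, name):
    # Constructed, deliberately concatenated query: the kind of sink RASP guards.
    request_inputs.set((name,))
    return db.execute("SELECT id FROM users WHERE name = '" + name + "'").fetchall()

def demo():
    db = sqlite3.connect(":memory:", factory=GuardedConnection)
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')")
    rows = find_user(db, "alice")            # data stays inside one literal: allowed
    try:
        find_user(db, "x' OR '1'='1")        # constructed injection sample
        blocked = False
    except BlockedQuery:
        blocked = True
    return rows, blocked
```

Because the check sees both the request input and the final query text at the point of execution, it blocks on what the input did to the query rather than on what the input looks like, which is the context a network proxy does not have.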
BACKGROUND
Security testing is a process intended to detect flaws in the security mechanisms of an information system and as such help enable it to protect data and maintain functionality as intended. Due to the logical limitations of security testing, passing the security testing process is not an indication that no flaws exist or that the system adequately satisfies the security requirements.
SYNONYMS & ALIASES
- Runtime protection
- Application self-protection
- Embedded security
- In-app security
USAGE NOTE
RASP is typically deployed in production environments to offer continuous protection for web applications and APIs against both known and zero-day threats, acting as an internal shield.
DEVELOPERS
Organizations developing technology related to RASP.
Contrast Security is a leading innovator in application security, providing a patented runtime application self-protection (RASP) solution that embeds security directly into applications to detect and block attacks in real time.
Imperva offers a comprehensive application security portfolio, including a RASP solution that provides real-time protection against known and zero-day attacks by monitoring and protecting applications from within.
Fastly, through its acquisition of Signal Sciences, offers advanced web application and API protection (WAAP) that includes RASP-like capabilities to detect and block threats at the application layer.
Prisma Cloud by Palo Alto Networks provides comprehensive cloud-native security, including runtime protection capabilities that function as RASP for cloud applications, containers, and serverless functions.
Indusface provides a fully managed application security platform, AppTrana, which includes RASP functionality to protect web applications and APIs from threats by detecting and blocking attacks at runtime.
Waratek specializes in Java application security, offering a RASP solution that leverages virtualization to protect Java applications from known and zero-day vulnerabilities without code changes or performance impact.
OpenText's Fortify suite includes Application Defender, a RASP solution that provides real-time protection for web applications by monitoring execution and blocking attacks before they can cause damage.