What is RASP?
RASP stands for Runtime Application Self-Protection. It is a technology that secures applications at runtime: RASP starts whenever an application configured with it executes, and it protects that application in real time.
RASP intercepts the calls between the application and the system, validates them, and makes sure they are safe. Whenever a security incident occurs, RASP either blocks it or logs it, depending on the configuration.
For example, when admin functions are reached through some vulnerability, RASP blocks the call and, depending on configuration, may also terminate the session. Similarly, a request carrying a SQL injection is blocked and the session is terminated.
Firewalls usually understand the traffic between the client and the server or application, but they sit outside the application and have no view of its internal data. So if a vulnerability is exploited internally, such as SSRF or a buffer overflow, a firewall fails, whereas RASP blocks those requests and terminates the session.
How to implement RASP?
RASP can be implemented in two ways:
- In the code
- Wrapper around the application
In the code:
In this approach, the developer inserts protection points where they are needed, such as around database queries and logins. This is more accurate, because the developers know which information needs to be protected.
Wrapper around the application:
In this approach, the application is built completely first, and RASP is then wrapped around the finished application.
Different modes in RASP:
- Monitor
- Protection
Monitor:
In monitor mode, whenever a security incident occurs, RASP raises alerts but does not block the attack.
Protection:
In protection mode, whenever a security incident occurs, RASP blocks the attack and sends alerts to security personnel, depending on configuration.
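To make the in-code approach and the two modes concrete, here is an added example (not from the original post or any RASP product): a hypothetical guard placed around a sqlite3 connection at the database-query protection point. In both modes it records an alert when a statement matches a simple injection heuristic; only protection mode blocks the call and terminates the session. The table, the heuristics and the sample injected query are constructed for the demo.

```python
import re
import sqlite3
from enum import Enum


class Mode(Enum):
    MONITOR = "monitor"        # alert only, never block
    PROTECTION = "protection"  # block the call and end the session


class RaspBlocked(Exception):
    """Raised in protection mode when a query is blocked."""


class SqlGuard:
    """Hypothetical in-code RASP hook placed around a sqlite3 connection."""
    # Heuristics for SQL that looks injected: a stacked statement,
    # a comment that cuts off the query tail, or an always-true OR clause.
    PATTERNS = [
        re.compile(r";\s*\S"),
        re.compile(r"--|/\*"),
        re.compile(r"\bor\b\s*('?\w+'?)\s*=\s*\1", re.I),
    ]

    def __init__(self, conn, mode=Mode.PROTECTION):
        self.conn, self.mode = conn, mode
        self.session_active, self.alerts = True, []   # alerts stand in for a SIEM feed

    def execute(self, sql, params=()):
        if not self.session_active:
            raise RaspBlocked("session terminated by RASP")
        hit = next((p.pattern for p in self.PATTERNS if p.search(sql)), None)
        if hit:
            self.alerts.append((sql, hit))            # both modes alert ...
            if self.mode is Mode.PROTECTION:          # ... only protection blocks
                self.session_active = False
                raise RaspBlocked("blocked suspicious SQL")
        return self.conn.execute(sql, params)


def demo(mode):
    """Run a parameterized query, then a constructed injected one, under one mode."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'admin')")
    guard = SqlGuard(conn, mode)
    ok = guard.execute("SELECT role FROM users WHERE name = ?", ("alice",)).fetchone()[0]
    evil = "SELECT role FROM users WHERE name = '' OR '1'='1'"   # constructed sample
    try:
        injected = guard.execute(evil).fetchone()[0]
    except RaspBlocked:
        injected = None
    return ok, injected, len(guard.alerts), guard.session_active
```

In monitor mode the injected query still runs and only an alert is recorded; in protection mode it is blocked and every later call on that session is refused.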
RASP helps with BYOD and mobile protection, where the number of guest connections is high. With all the benefits of RASP, there is one downside: performance. Depending on how RASP is implemented, application performance will take a hit.
Keeping everything aside, RASP is one of the best tools we have in information security.
Some of the tools related to RASP are tCell, Sqreen, OpenRASP, and Imperva.