Runtime application self-protection

Runtime application self-protection (RASP) is a security technology that uses runtime instrumentation to detect and block computer attacks by taking advantage of information from inside the running software.^[1][2] The technology differs from perimeter-based protections such as firewalls, that can only detect and block attacks by using network information without contextual awareness.^[3][4] RASP technology is said to improve the security of software by monitoring its inputs, and blocking those that could allow attacks, while protecting the runtime environment from unwanted changes and tampering.^[5] RASP-protected applications rely less on external devices like firewalls to provide runtime security protection. When a threat is detected RASP can prevent exploitation and possibly take other actions, including terminating a user's session, shutting the application down, alerting security personnel and sending a warning to the user.^[6][7] RASP aims to close the gap left by application security testing and network perimeter controls, neither of which have enough insight into real-time data and event flows to either prevent vulnerabilities slipping through the review process or block new threats that were unforeseen during development.^[8]

Implementation

RASP can be integrated as a framework or module that runs in conjunction with a program's codes, libraries and system calls.^[5] The technology can also be implemented as a virtualization.^[4] RASP is similar to interactive application security testing (IAST), the key difference is that IAST is focused on identifying vulnerabilities within the applications and RASPs are focused protecting against cybersecurity attacks that may take advantages of those vulnerabilities or other attack vectors.^[9]

Deployment options

RASP solutions can be deployed in two different ways: monitor or protection mode. In monitor mode, the RASP solution reports on web application attacks but does not block any attack. In protection mode, the RASP solution reports and blocks web application attacks.^[10]

Future Research^[11]

• Pursue "integrated" approaches that support both development-time and runtime
• Explore decentralized coordination, planning, and optimization approaches
• Explore quantitative and qualitative approaches to assess overall security posture

See also

• Runtime verification
• Runtime error detection
• Dynamic program analysis

References

1. "Gartner IT Glossary: Runtime Application Self-Protection(RASP)". Gartner.
2. Messmer, Ellen (June 23, 2014). "Will Perimeter Firewalls Give Way to 'RASP'". NetworkWorld.
3. Laskowski, Nicole (February 25, 2015). "RASP Helps Apps Protect Themselves, But is it Ready for the Enterprise?". Computer Weekly.
4. Badakhchani, Hussein (October 20, 2016). "RASP Rings in a New Java Application Security Paradigm". JavaWorld.
5. Tittel, Ed (October 2016). "Runtime Application Self-Protection Basics, Pros and Cons". TechTarget.
6. "Runtime Application Self-Protection". Veracode.
7. Rouse, Margaret. "Runtime Application Self-Protection". TechTarget.
8. "How does RASP application security testing work?". www.bitpipe.com. Retrieved 2018-06-30.
9. "Category Direction - Interactive Application Security Testing (IAST)". Gitlab.
10. "What is runtime application self-protection (RASP)? - Definition from WhatIs.com". WhatIs.com. Retrieved 2019-09-20.
11. Yuan, Eric; Malek, Sam (2012). A taxonomy and survey of self-protecting software systems. pp. 109–118. doi:10.1109/SEAMS.2012.6224397. ISBN 978-1-4673-1787-0. Retrieved 2024-02-09.