Many of us have come across the SAST, DAST and IAST application testing methodologies, but we may not come across RASP as often. Though the method is nearly a decade old, this post gives a detailed walk-through of RASP and its functions.
Applications have become a main target for Web invaders looking to penetrate the enterprise. One in three applications is vulnerable, and successful breaches reach the corporate network. Applications have to protect themselves by identifying and blocking attacks in real time, using a technology called Runtime Application Self-Protection (RASP).
What is RASP?
RASP is a technology that runs on a server and kicks in when an application runs. It’s designed to detect attacks on an application in real time. When an application begins to run, RASP can protect it from malicious input or behavior by analyzing both the app’s behavior and the context of that behavior. By using the app to continuously monitor its own behavior, attacks can be identified and mitigated immediately. RASP can protect both web and non-web apps.
How does RASP work?
When a security event in an app occurs, RASP takes control of the app and addresses the problem. In diagnostic mode, RASP will just sound an alarm that something is amiss. In protection mode, it will try to stop it.
Actions RASP could take include terminating a user’s session, stopping an application’s execution, or alerting the user or security personnel.
Developers can implement RASP in a couple of ways. They can access the technology through function calls included in an app’s source code, or they can take a completed app and put it in a wrapper that allows the app to be secured with a single button push.
The end result is like bundling a web application firewall with the application’s runtime context. That close connection to the app means RASP can be more finely tuned to the app’s security needs.
AppSec @ Height
RASP shares some characteristics with traditional firewalls. Firewalls are a perimeter technology and can’t see what’s going on inside the perimeter. They don’t have a clue what’s happening inside applications. In addition, the perimeter has become more porous with the rise of cloud computing. That has reduced the effectiveness of both general-purpose firewalls and web application firewalls (WAFs).
The reason for this decline in effectiveness is that WAF deployment often takes place in response to some penetration test or security incident after the organization performs a cost analysis and decides a WAF deployment is less expensive than fixing the application’s source code.
Classy App Self Protection
Even when an intruder has penetrated the network, RASP has insight into application logic, configuration, and data event flows. That means RASP can thwart attacks with high accuracy. It can distinguish between actual attacks and legitimate requests for information, which reduces false positives and allows network defenders to spend more of their time combating real problems and less time chasing digital security dead ends.
When a client makes a function call containing parameters that might cause harm to the web application, RASP intercepts the call at runtime, logging or blocking the call, depending on the configuration. This method of protecting a web application differs fundamentally from a WAF.
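The interception described above, together with the diagnostic and protection modes, as an added Python example that is not from the original article or from any RASP product: a wrapper around a hypothetical `execute_query` sink. The SQL-injection heuristic and the names `rasp_guard`, `looks_like_injection` and `BlockedCall` are assumptions made for illustration.

```python
import functools
import logging

log = logging.getLogger("rasp_demo")

class BlockedCall(Exception):
    """Raised in protection mode when a guarded call is refused."""

# Tokens that let a value break out of a quoted SQL literal (simplified heuristic).
SQL_META = ("'", '"', ";", "--", "/*")

def looks_like_injection(sql, request_params):
    """True if a request value reaches the query text verbatim and carries SQL metacharacters."""
    for value in request_params.values():
        if value and value in sql and any(m in value for m in SQL_META):
            return True
    return False

def rasp_guard(mode="diagnostic"):
    """Wrap a sink: 'diagnostic' only logs, 'protection' logs and blocks."""
    if mode not in ("diagnostic", "protection"):
        raise ValueError("unknown mode: %r" % mode)
    def decorator(sink):
        @functools.wraps(sink)
        def wrapper(sql, request_params):
            # The check runs at the sink, where the final query and the request are both visible.
            if looks_like_injection(sql, request_params):
                log.warning("suspicious call to %s: %r", sink.__name__, sql)
                if mode == "protection":
                    raise BlockedCall(sink.__name__)
            return sink(sql, request_params)
        return wrapper
    return decorator

def execute_query(sql, request_params):
    """Stand-in for the application's database call (hypothetical)."""
    return "executed"

def build_sql(params):
    # Unsafe string building, the legacy pattern the wrapper is guarding.
    return "SELECT * FROM users WHERE name = '" + params["name"] + "'"

diagnostic_query = rasp_guard("diagnostic")(execute_query)
protected_query = rasp_guard("protection")(execute_query)

# Constructed sample requests.
BENIGN = {"name": "alice"}
HOSTILE = {"name": "x' OR '1'='1"}
```

In diagnostic mode both sample requests still execute and the hostile one only produces a log entry; in protection mode the hostile call raises `BlockedCall` before the sink runs.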
Build it better
Since RASP is still in its youth, it’s believed it will be able to surmount its deficiencies and become the future of application security.
Modern security fails to test and protect all apps. Therefore, apps must be capable of security self-testing, self-diagnostics, and self-protection. It should be a CISO’s top priority.
As security starts to spread deeper into the development timeline, defenses against many of the attacks RASP is designed to thwart will be built into an app’s source code. That will reduce the need for RASP, but it will still be handy to protect legacy apps.