Page 82 - Cyber Warnings
Runtime Application Self Protection
For its proponents, Runtime Application Self Protection (RASP) represents not just the next
generation of application security but a quantum leap forward in how Cyber Security can bring
benefits to business beyond protecting assets and reputation.
Runtime Application Self Protection (RASP) is a term used to describe security technologies
that are embedded within the application tier and can detect and prevent runtime security
exploits.
Since its emergence in 2012, RASP, a term coined by Joseph Feiman, a Research VP and
Gartner Fellow, has seen adoption increase in step with greater awareness of its
benefits.
What Distinguishes RASP from WAF?
Web Application Firewalls (WAF) occupy the perimeter space of IT security and attempt to
protect applications by analysing Web traffic in order to identify malicious activity using
known attack signatures. RASP-based technologies, by contrast, leverage their access to
runtime application data to prevent vulnerability exploitation.
This approach promises to eliminate false positives and significantly reduce the complexity and
management effort of mitigating the most common vulnerabilities being exploited today.
By embedding security intelligence directly within the application tier, RASP technologies can
differentiate between application and user data allowing them to identify maliciously injected
code (tainted code) or to detect unusual application activity (indicators of intrusion) with an
unprecedented degree of precision. When compared to the high rates of false positives
produced by WAF and indeed incidents resulting in service disruption due to poorly configured
firewall rules, the contrast is stark.
RASP security rules can be configured to raise alerts or prevent attempts to access protected
compute resources such as file systems and network sockets.
Depending on the capabilities of the specific implementation of RASP, these rules can be
simple, generic and dynamically adjustable at runtime without impacting the normal application
lifecycle or expected application operations.
Some of the most exploited vulnerabilities (as classified by OWASP) that RASP technologies
protect against include SQL Injection, Command Line Injection and Cross Site Scripting.
Mitigating SQL Injection using a WAF typically demands the creation of multiple rules that attempt
to match as many permutations of SQL injection input data as possible while trying to avoid
matching genuine requests.
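The contrast described above, as an added example that is not part of the original article and not any RASP product's own code: a signature check that sees only the raw request value, beside an in-application check that knows which text the application wrote and asks whether the user's data changed the structure of the SQL statement. The signatures, the query, the sample inputs and the structure-comparison heuristic are all constructed assumptions for illustration.

```python
import re

# Constructed WAF-style signatures, matched against the raw request value only.
WAF_SIGNATURES = [re.compile(p, re.I) for p in (
    r"\bunion\s+select\b",
    r"\bor\s+1\s*=\s*1\b",
    r";\s*drop\s+table\b",
)]

# Minimal SQL tokenizer, enough to compare query structure (not a full parser).
TOKEN = re.compile(r"""
    (?P<STR>'(?:[^']|'')*')            # complete quoted string literal
  | (?P<COMMENT>--[^\n]*|/\*.*?\*/)    # line or block comment
  | (?P<NUM>\d+(?:\.\d+)?)             # numeric literal
  | (?P<WORD>[A-Za-z_]\w*)             # keyword or identifier
  | (?P<OP>[^\s\w])                    # operator, punctuation, stray quote
""", re.X | re.S)

def waf_flags(value):
    """Perimeter view: does the raw parameter match a known signature?"""
    return any(sig.search(value) for sig in WAF_SIGNATURES)

def shape(sql):
    """Token sequence with literals and comments collapsed to their kind."""
    return [m.lastgroup if m.lastgroup in ("STR", "NUM", "COMMENT")
            else m.group().upper() for m in TOKEN.finditer(sql)]

def rasp_flags(template, value):
    """In-application view: did user data change the statement's structure?"""
    # Baseline: the same application-authored template with a harmless value.
    return shape(template.format(value)) != shape(template.format("x"))

QUERY = "SELECT id FROM users WHERE name = '{}'"   # application-authored text
# Constructed sample inputs: benign, benign-but-signature-like, two tautologies.
SAMPLES = ["alice", "Trade union select committee",
           "x' OR 1=1 --", "x' OR 2>1 --"]

def compare():
    """Map each sample to (flagged by signatures, flagged by structure check)."""
    return {v: (waf_flags(v), rasp_flags(QUERY, v)) for v in SAMPLES}

if __name__ == "__main__":
    for value, (waf, rasp) in compare().items():
        print(f"{value!r:34} waf={waf!s:5} rasp={rasp}")
```

The second sample is a false positive for the signature list and the last is a miss; the structural check classifies both correctly because it compares the statement the application intended with the one that would actually run.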
82 Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide