Tuesday, August 18, 2020
RASP - Runtime application self-protection
RASP or Runtime application self-protection is a security measurement implemented at the application that run in Production environment. It captures the request and handle the valication within the application. It can raise alert and prevent an attack by terminating the request operation.
2 closest security measurements mentioned earlier in this 31-day terminology series, to RASP, are IAST and WAF.
RASP is different from IASP, where IAST is focused on identifying vulnerabilities, while RASP focused on protecting against cyber security attacks. IASP normally run in Test environment, while RASP run in Production environment.
RASP is also different from WAF, where WAF performing the filter on the request and response as a proxy without knowing the application, while RASP sits inside the application and "understand" the application.
This is my first time hearing this term. I went through a RASP tool list by G2, and have never heard of any of them, except Contrast which OWASP recommended one of their tools for IAST. :P