{"id":42647,"date":"2021-09-02T00:00:00","date_gmt":"2021-09-02T00:00:00","guid":{"rendered":"https:\/\/www.trendmicro.com\/en_us\/devops\/21\/i\/introduction-to-runtime-application-self-protection-rasp.html"},"modified":"2021-09-02T00:00:00","modified_gmt":"2021-09-02T00:00:00","slug":"introduction-to-runtime-application-self-protection-rasp-solution-engineer","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/introduction-to-runtime-application-self-protection-rasp-solution-engineer\/","title":{"rendered":"Introduction to Runtime Application Self-Protection (RASP) Solution Engineer"},"content":{"rendered":"

<\/p>\n

<\/div>\n

A growing number of organizations embrace DevOps to improve the process of building, deploying, and maintaining enterprise applications. This is a step in the right direction, but it can come with its fair share of security risks.<\/p>\n

Incorporating security into the DevOps process (now appropriately termed DevSecOps) helps spot and mitigate these issues early in the development life cycle. But there\u2019s an existing hurdle between security and development teams.<\/p>\n

Due to the competitive landscape of software development, organizations require lightning-fast speed of delivery to stay relevant. This can cause DevOps and SecOps teams to segregate their duties. Some developers focus only on application development functions and tooling and don\u2019t consider security to be part of their primary responsibilities, leaving SecOps teams to scan for vulnerabilities later in the production environment. Ever heard of the saying: \u201ca little too late\u201d? That applies here, as well. To shift security to the forefront of the build process, the mindset must change to security is everyone\u2019s responsibility<\/a>.<\/p>\n

Runtime application self-protection (RASP) is a relatively new development and can help bridge the gap, providing runtime level protection, peace of mind, and insight to developers on vulnerable lines of code. This article gives an overview of what RASP is and what it\u2019s all about.<\/p>\n

What is RASP?<\/span>RASP security technology runs inside an application itself and activates when an application starts. It detects and blocks attacks on the application as they occur, preventing vulnerabilities from being exploited.
 <\/p>\n

When RASP is integrated into a web or non-web application, it protects the software from malicious inputs by analyzing the application\u2019s behavior as well as the context of that behavior. By continuously monitoring its behavior using the application, RASP helps identify and mitigate attacks in real-time without human intervention.<\/p>\n

RASP software integrates with the application\u2019s runtime environment and runs with the application, wherever the application is architected to reside\u2014whether that be the server, virtual machine, container, or serverless function.<\/p>\n

Also, its detection and protection features don\u2019t impact the application\u2019s architecture, design, and implementation. RASP inspects all requests at a determined, strategic stack location in the application, ensuring there are no exploitations of vulnerabilities. It also validates data requests directly inside the application. It is an easy way to provide runtime protection early on inside the application itself protecting it from threats.<\/p>\n

Conventional security tools like virtual private networks (VPN), web application firewalls, and network access controls (NACs) can be labor-intensive to manage and usually developers are not involved with those configurations. RASP is a simple way for developers to get involved with the security process to protect their applications that they build at runtime.<\/p>\n

The implication is that authenticated users have overly broad network access, increasing the range of the risk-prone area and enabling far-reaching breaches. RASP can also help protect the application even when bad actors infiltrate firewalls and other perimeter protection software.<\/p>\n

RASP blocks an attack as it happens, though you can configure it to flag attacks. This is especially important when availability is a major concern. It works by defining a set of rules or policies that determine what to block or allow. We\u2019ll need to properly define these policies to not block legitimate traffic.<\/p>\n

5 reasons why you should care about RASP<\/span><\/p>\n

    \n
  1. RASP technology improves an application\u2019s security by monitoring inputs and blocking those that could allow attacks. It also protects the runtime environment from unwanted changes and tampering.<\/li>\n
  2. RASP prevents exploitation. It intercepts all kinds of traffic that indicate malicious behavior, such as SQL injection, vulnerabilities, and bots. It can terminate a user\u2019s session when it detects a threat. It can also alert security personnel<\/li>\n
  3. RASP can be deployed directly into the application. So, it\u2019s easy for developers to deploy and naturally able to monitor application behavior and self-protect. It prevents attacks with high accuracy, distinguishing attacks from legitimate requests and reducing false positives.<\/li>\n
  4. With RASP implemented properly, the application is already built to protect itself. This is good for the security team because it enables security engineers just on reported issues. Also, as much as developers try to write applications devoid of security vulnerabilities if a couple of issues escape the notice of the teams (both developers and security), RASP is there to save the day and provide insight to both teams where the vulnerability resides in the application code.<\/li>\n
  5. RASP offers better protection from zero-day exploits (cyber-attacks that occur on the same day a weakness is discovered in software), as well as a short-term fix when an application\u2019s patch is not available for a prolonged period.<\/li>\n<\/ol>\n

    Selecting the Right Framework<\/span><\/p>\n

    If you wish to leverage RASP technology, it\u2019s important to select a reliable framework because RASP enables the application to protect itself.<\/p>\n

    Trend Micro Cloud One\u2122 \u2013 Application Security<\/a> is built for speedy deployment, with minimal impact on development streams and performance.<\/p>\n

    When you integrate Application Security into your software, it alerts you as soon as attackers begin scans or launch attacks, providing the ability to stop runtime attacks before they occur. It also enables developers to locate vulnerabilities in the code that the attack could exploit. Most importantly, runtime protection prevents bad actors from exploiting real vulnerabilities, and developers get code-level information regarding the vulnerability.<\/p>\n

    Application Security protects against Open Web Application Security Project (OWASP) Top 10 vulnerabilities, such as SQL injection, malicious uploads, operating system (OS) command injection, and more. It also prevents exploits zero-day vulnerabilities thanks the world\u2019s largest vulnerability disclosure program, Trend Micro\u2122 Zero Day Initiative\u2122.<\/p>\n

    To get a detailed explanation of how to integrate Application Security into your application, check out its documentation<\/a>.<\/p>\n

    Automating RASP with Trend Micro<\/span> Application Security has two modes: detect mode and mitigate mode.<\/p>\n

    In detect mode, the software monitors call to the application and raise an alert if someone makes a suspicious call. In mitigate mode, Application Security prevents the execution of suspicious instructions or terminates a user session.<\/p>\n

    To protect our application, you need to configure three main components:
     <\/p>\n