SMA

Reputation: 21

Runtime Application Self Protection (RASP)

I am working at a company in the cyber security field and have been given a task about RASP. I know what the RASP approach is, but I don't understand how RASP uses the Java Virtual Machine or the .NET Common Language Runtime (CLR).

According to some sources, it handles this by loading an agent into the JVM or CLR.

Could someone tell me how an agent can do this? How can an agent load itself into the JVM or CLR?

Upvotes: 1

Views: 1755

Answers (1)

rbelasko

Reputation: 626

According to Gartner, which is the author of this concept:

RASP is a security technology that is built or linked into an application or application runtime environment, and is capable of controlling application execution and detecting and preventing real-time attacks.

In other words, it means security inside the application environment, which is a different approach if we compare it with external application protection solutions such as web application firewalls (WAF). So theoretically any protection approach, or combination of techniques, from the application or inside the application could be considered a RASP.

Starting from this foundational concept of protection from the application, there are different RASP implementation techniques, such as instrumentation (with the same JVM as the original one, but transforming the classes that we load) or a library integrated within the application that acts as a filter.

Many RASP vendors are based only on the instrumentation technique (at JVM or application level), others only on a library inside the application, and in our case (Hdiv Security) we use both approaches in the same RASP solution:

  • Instrumentation: to detect security vulnerabilities in the code and protect against exploitation attempts if necessary. For instance a SQL injection vulnerability, XSS, command injection, etc. On the Java platform you could review the Java Instrumentation API to understand how it works. Basically this API allows the transformation of compiled code to include additional behaviour, without changing the original source code of the applications. In the case of security, examples are: database queries, command execution, etc.

  • Library: the most important goal is the protection of business logic flaws or design flaws (for example: OWASP A4, OWASP A7, binding attacks, etc.), and in that case we perform an information flow control system that controls the data flow between different requests, in order to block this kind of business logic attack that cannot be detected by AST tools.

Upvotes: 1
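To make the "agent loaded into the JVM" part concrete, here is an added example of a minimal Java instrumentation agent. It is not Hdiv's code or any vendor's product; the class `RaspAgentDemo`, the target class `OrderDao`, its method `runQuery` and the jar name `rasp-agent.jar` are all hypothetical, and it assumes the Javassist bytecode library is on the classpath. The JVM loads the agent because the jar's manifest names a `Premain-Class` (for `-javaagent` at startup) or an `Agent-Class` (for injection into a running JVM via the Attach API); the JVM then hands the agent an `Instrumentation` object, and every class the JVM defines afterwards passes through the registered `ClassFileTransformer` as raw bytecode, which is where the agent rewrites it.

```java
// RaspAgentDemo.java  (added example, not part of the original answer)
//
// Build and run (hypothetical file names; javassist.jar assumed available):
//   javac -cp javassist.jar RaspAgentDemo.java
//   printf 'Premain-Class: RaspAgentDemo\nAgent-Class: RaspAgentDemo\nCan-Retransform-Classes: true\n' > MANIFEST.MF
//   jar cfm rasp-agent.jar MANIFEST.MF RaspAgentDemo*.class
//   java -javaagent:rasp-agent.jar -cp javassist.jar:rasp-agent.jar RaspAgentDemo

import java.io.ByteArrayInputStream;
import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.Instrumentation;
import java.security.ProtectionDomain;
import javassist.ClassPool;
import javassist.CtClass;
import javassist.CtMethod;
import javassist.LoaderClassPath;

public class RaspAgentDemo {

    // Called by the JVM before the application's main() when started with
    // -javaagent; the JVM finds this method via "Premain-Class" in the manifest.
    public static void premain(String args, Instrumentation inst) {
        inst.addTransformer(new SqlGuardTransformer());
        System.out.println("[rasp-agent] loaded at startup, transformer registered");
    }

    // Called when the agent is injected into an already running JVM through
    // the Attach API (VirtualMachine.loadAgent). Classes that were loaded
    // before the agent arrived are pushed back through the transformer.
    public static void agentmain(String args, Instrumentation inst) throws Exception {
        inst.addTransformer(new SqlGuardTransformer(), true);
        for (Class<?> c : inst.getAllLoadedClasses()) {
            if (c.getName().equals("RaspAgentDemo$OrderDao") && inst.isModifiableClass(c)) {
                inst.retransformClasses(c);
            }
        }
    }

    // The hook point: the JVM passes every class it defines through transform()
    // as raw bytecode, and whatever bytes we return are what actually runs.
    static final class SqlGuardTransformer implements ClassFileTransformer {
        // Internal class name (slashes for packages, '$' for nested classes).
        private static final String TARGET = "RaspAgentDemo$OrderDao";
        // Toy detection rule compiled into the method prologue by Javassist.
        // $1 is the first method argument. Real products lex the SQL properly;
        // this substring check exists only to show where the check is placed.
        private static final String GUARD =
            "if ($1 != null && $1.toLowerCase().contains(\"' or \")) "
          + "  throw new SecurityException(\"RASP: blocked suspicious SQL: \" + $1);";

        @Override
        public byte[] transform(ClassLoader loader, String className,
                                Class<?> classBeingRedefined, ProtectionDomain pd,
                                byte[] classfileBuffer) {
            if (!TARGET.equals(className)) {
                return null;                    // null = leave this class untouched
            }
            try {
                ClassPool pool = ClassPool.getDefault();
                pool.insertClassPath(new LoaderClassPath(loader));
                CtClass cc = pool.makeClass(new ByteArrayInputStream(classfileBuffer));
                CtMethod m = cc.getDeclaredMethod("runQuery");
                m.insertBefore(GUARD);          // prepend the check; source code is untouched
                byte[] patched = cc.toBytecode();
                cc.detach();
                System.out.println("[rasp-agent] instrumented " + className + ".runQuery");
                return patched;
            } catch (Exception e) {
                // Fail open: an instrumentation error must not take the app down.
                System.err.println("[rasp-agent] could not instrument " + className + ": " + e);
                return null;
            }
        }
    }

    // Hypothetical application code being protected. It has no reference to
    // the agent; the check exists only in the bytecode the JVM actually runs.
    static class OrderDao {
        String runQuery(String sql) {
            return "executed: " + sql;          // stand-in for a JDBC call
        }
    }

    public static void main(String[] argv) {
        OrderDao dao = new OrderDao();
        System.out.println(dao.runQuery("SELECT * FROM orders WHERE id = 42"));
        try {
            dao.runQuery("SELECT * FROM orders WHERE id = '' OR '1'='1'");
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

Two things worth noting when reading this against the answer above. First, the agent never replaces the JVM: it runs inside the same JVM as the application, and only the class bytes handed to `transform()` change, which is what "transforming the classes that we load" means. Second, a transformer that returns `null` on error keeps the original bytecode, so an agent bug degrades to "no protection" rather than "application down"; whether to fail open or fail closed is a deliberate design choice for a RASP product. On the CLR the mechanism is different (the CLR profiling API, which lets a native profiler rewrite a method's IL when it is JIT-compiled) and is not shown here.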
