Runtime Application Self-Protection

Network Security

Definition

A security technology embedded directly into an application's runtime that detects and blocks attacks in real time by monitoring application behavior from within the execution environment, without relying on external network perimeter controls.

Technical Details

RASP agents instrument application code at the runtime layer (JVM, CLR, Node.js runtime, Python interpreter) to intercept security-sensitive operations — SQL queries, file access, deserialization, command execution — and block suspicious patterns before they complete. Unlike WAFs, RASP has full application context and can distinguish legitimate from malicious payloads with lower false positive rates. It is effective against zero-day exploits, SQL injection, and deserialization attacks.

Practical Usage

Application security teams deploy RASP agents for web applications exposed to untrusted input, particularly where legacy code makes secure coding fixes impractical. RASP complements WAFs — WAF provides perimeter filtering while RASP provides application-layer visibility into actual exploitation attempts.

Examples
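
An added illustration of the interception described under Technical Details (not code from this glossary or from any RASP product): a sqlite3 connection subclass stands in for agent instrumentation and refuses a query when a value from the current request spans more than one SQL token. The names request_inputs, GuardedConnection, BlockedQuery and handle_lookup, and the token-boundary heuristic itself, are assumptions made for the example.

```python
import contextvars
import re
import sqlite3

# Untrusted values of the request being handled (hypothetical context variable).
request_inputs = contextvars.ContextVar("request_inputs", default=())

# Minimal SQL lexer: string literal, line comment, word/number, or one symbol.
TOKEN = re.compile(r"'(?:[^']|'')*'|--[^\n]*|\w+|\S")

class BlockedQuery(Exception):
    """Raised instead of running a query whose structure was changed by input."""

def input_alters_structure(sql, value):
    """True if any occurrence of `value` in `sql` is not inside a single token."""
    value = value.strip()
    spans = [m.span() for m in TOKEN.finditer(sql)]
    return bool(value) and any(
        not any(s <= hit.start() and hit.end() <= e for s, e in spans)
        for hit in re.finditer(re.escape(value), sql)
    )

class GuardedConnection(sqlite3.Connection):
    """Stand-in for agent instrumentation: inspects each query at the driver call."""
    def execute(self, sql, parameters=()):
        for value in request_inputs.get():
            if input_alters_structure(sql, value):
                raise BlockedQuery(f"input {value!r} changes the query structure")
        return super().execute(sql, parameters)

def handle_lookup(conn, username):
    """Legacy-style handler that builds SQL by concatenation (deliberately unsafe)."""
    token = request_inputs.set((username,))
    try:
        sql = "SELECT role FROM users WHERE name = '" + username + "'"
        return conn.execute(sql).fetchall()
    finally:
        request_inputs.reset(token)

def demo():
    conn = sqlite3.connect(":memory:", factory=GuardedConnection)
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'admin'), ('bob', 'user')")
    blocked = None
    try:
        handle_lookup(conn, "x' OR '1'='1")  # constructed injection string
    except BlockedQuery as exc:
        blocked = str(exc)
    return handle_lookup(conn, "bob"), blocked  # "bob" is constructed benign input
```

demo() returns the rows for the benign lookup together with the reason the injected lookup was refused before it reached the database.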

Related Terms

Web Application Firewall, SQL Injection, Zero-Day Exploit, Application Security, eBPF Security