
Runtime Application Self-Protection (RASP)

Runtime Application Self-Protection (RASP) is a security technology that embeds directly into applications to monitor and block attacks in real time during execution.

What is RASP?

Traditional defenses such as firewalls or static testing protect applications from the outside or before deployment. RASP takes a different approach: it integrates directly within the running application, providing runtime visibility and control. By doing so, it can detect and block malicious behavior with full context about the application’s logic, data, and execution environment. For SecOps, RASP adds a final protective layer that complements SAST, DAST, and WAF, catching attacks that evade earlier defenses.

How does it typically work?


  1. Instrumentation: RASP modifies application code or runtime to insert monitoring hooks.
  2. Monitoring: it observes inputs, API calls, and data flows in real time.
  3. Policy enforcement: suspicious or malicious actions, such as an unexpected SQL query, are blocked instantly.
  4. Feedback: alerts and forensic data are shared with SOC tools like SIEM or EDR.

Because RASP operates inside the application, it has contextual awareness that external defenses lack. For example, it can tell whether a database query is normal business logic or the result of injected input.
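The steps above can be illustrated with a small in-process guard. This is an added example, not code from any RASP vendor or product; `RaspGuard`, `input_alters_structure`, `find_user` and the sample table are hypothetical names, and the tokenizer is a simplified assumption rather than a full SQL grammar. It flags a query when a request value crosses a token boundary in the final SQL, which is how the guard tells normal business logic from injected input.

```python
import re
import sqlite3

# Simplified SQL tokenizer (assumption, not a full grammar):
# string literals, line comments, numbers, words, any other single character.
TOKEN = re.compile(r"'(?:[^']|'')*'|--[^\n]*|\d+|\w+|\S")

class BlockedQuery(Exception):
    """Raised when the guard refuses to run a query."""

def input_alters_structure(sql, request_inputs):
    """True if a request value crosses a token boundary in the final query,
    i.e. the input became SQL syntax instead of staying inside one literal."""
    spans = [m.span() for m in TOKEN.finditer(sql)]
    for value in filter(None, request_inputs):
        start = sql.find(value)
        while start != -1:
            end = start + len(value)
            if not any(s <= start and end <= e for s, e in spans):
                return True
            start = sql.find(value, start + 1)
    return False

class RaspGuard:
    """Hook placed in front of the database driver (hypothetical class)."""
    def __init__(self, conn, block=True):
        self.conn, self.block, self.alerts = conn, block, []

    def execute(self, sql, request_inputs):
        if input_alters_structure(sql, request_inputs):         # monitoring
            self.alerts.append({"rule": "sqli", "query": sql})  # feedback (SIEM stand-in)
            if self.block:                                      # policy enforcement
                raise BlockedQuery(sql)
        return self.conn.execute(sql).fetchall()

def demo_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return conn

def find_user(guard, name):
    # Deliberately unsafe string concatenation: the missed bug the guard backstops.
    return guard.execute("SELECT id FROM users WHERE name = '" + name + "'", [name])
```

With `block=False` the same guard runs in detection-only mode: the query executes and only the alert is recorded.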

Common techniques


  • Instrumentation-based RASP: inserts security checks into application code or bytecode.
  • Library-based RASP: integrates with standard libraries to intercept calls.
  • Inline blocking: immediately stops malicious actions instead of just alerting.
  • Detection-only mode: runs passively to gather data without impacting operations.
  • Integration with DevSecOps: feeds runtime insights back into development for continuous improvement.
  • Commercial RASP tools: vendors like Contrast Security and Imperva offer enterprise solutions.

Impact


RASP strengthens application security by defending against real-world attacks such as SQL injection, cross-site scripting, and command injection, even if developers missed them in testing. It reduces reliance on perimeter defenses and adapts to zero-day attacks by analyzing behavior instead of signatures.

Challenges include potential performance overhead and integration complexity, especially in high-traffic applications. Still, for SecOps, RASP provides runtime assurance that applications remain protected even in production.
