JavaWorld | By Hussein Badakhchani
Runtime-based technologies use contextual awareness to boost Java application security
Runtime Application Self Protection (RASP) is a next-generation cyber security technology designed to redress some of the weak points of application security. Unlike firewalls or code analysis, runtime-based technologies contain application data and contextual awareness, enabling them to be both precise and preemptive.
In this article I introduce RASP. I’ll briefly compare RASP to other cyber security techniques and explain the factors that enable a runtime-based security solution to fend off common forms of cyberattack, including command injection, cross-site scripting, and SQL injection. I’ll also introduce the characteristics of different RASP implementations and briefly discuss existing RASP solutions for Java-based applications.
Java vendors for RASP
Currently the three top vendors for Java-based RASP solutions are Contrast Security, Prevoty, and Waratek. Contrast’s implementation is instrumentation-based, Waratek’s are fully virtualized with container-based RASP, and Prevoty offer a plugin and an SDK.
Waratek won the coveted RSA Innovation Sandbox Award in 2015, and Prevoty where finalists in 2016. All three vendors have accumulated a number of other security and innovation awards. These vendors have announced commercial engagements and partnerships that set the stage for enterprise-scale RASP deployments into production environments. Waratek is the only vendor that can boast of a large-scale production deployment with a Tier 1 global investment bank, the most significant deployment of RASP that exists for Java technology today.