Application Security
RASP (Runtime Application Self-Protection)
Also known as: Runtime protection
Definition
A defense embedded inside a running application that monitors execution context and blocks malicious behavior, such as injection or deserialization attacks, in real time.
Examples
- A Contrast Protect agent blocking a SQL injection attempt against a Java service in production.
- Imperva RASP stopping an insecure-deserialization payload on a .NET API.
Related terms
IAST (Interactive Application Security Testing)
Application security testing that instruments a running application from the inside to observe code execution while it is being exercised by traffic or tests.
DAST (Dynamic Application Security Testing)
Black-box security testing that probes a running application over the network to find vulnerabilities visible only at runtime, such as injection, auth flaws and misconfigurations.
Web Application Firewall (WAF)
A reverse-proxy filter that inspects HTTP/HTTPS traffic to block web attacks such as SQL injection, XSS, and bot abuse before they reach the application.
Input Validation
Secure Coding
OWASP Top 10