RASP (Runtime Application Self-Protection)
What is RASP (Runtime Application Self-Protection)?
RASP (Runtime Application Self-Protection): A defense embedded inside a running application that monitors execution context and blocks malicious behavior, such as injection or deserialization attacks, in real time.
RASP instruments the application runtime — for example via Java agents, .NET CLR hooks or Node.js wrappers — to observe data flow, function calls and security-relevant APIs. When it detects that user-controlled input is reaching a dangerous operation (e.g., a SQL parser, a deserializer, a command executor), it can log, alert or block the request. Unlike a WAF, which sits at the network edge and inspects traffic, RASP has full application context: it knows which user, which session and which code path. RASP is most useful as a last line of defense for high-value applications where signatures and WAF rules struggle, but it adds runtime overhead and complexity.
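The sink-side check described above, as an added Node.js sketch that is not taken from any RASP product: `protect`, `requestContext`, `tokenize` and `demo` are hypothetical names, and the token-count comparison is an assumed, simplified heuristic for "user input reached the SQL parser and changed the query's structure".

```javascript
// Added illustration: toy RASP-style sink wrapper for Node.js. All names are hypothetical.
const { AsyncLocalStorage } = require('node:async_hooks');

// Per-request context the wrapper can see at the sink: user, session, raw inputs.
const requestContext = new AsyncLocalStorage();

// Crude SQL tokenizer: string literals, line comments, numbers, words, single symbols.
function tokenize(sql) {
  return sql.match(/'(?:[^']|'')*'|--.*|\d+|\w+|[^\s\w]/g) || [];
}

// Wrap a driver's query(sql) function so every call is inspected before it runs.
function protect(queryFn, { block = true, onEvent = () => {} } = {}) {
  return function guardedQuery(sql) {
    const ctx = requestContext.getStore() || { inputs: {} };
    for (const [param, value] of Object.entries(ctx.inputs)) {
      if (typeof value !== 'string' || value === '' || !sql.includes(value)) continue;
      // Heuristic: swap the input for a neutral literal. If the token count changes,
      // the input contributed SQL structure, not just a single value.
      const baseline = tokenize(sql.split(value).join('0')).length;
      if (tokenize(sql).length === baseline) continue;
      onEvent({ user: ctx.user, session: ctx.session, param, sql, blocked: block });
      if (block) throw new Error(`RASP: input "${param}" altered SQL structure`);
    }
    return queryFn(sql);
  };
}

// Constructed demo: a fake driver and a handler that concatenates input into SQL.
function demo(name) {
  const events = [];
  const executed = [];
  const query = protect((sql) => { executed.push(sql); return 'ok'; },
                        { onEvent: (e) => events.push(e) });
  const ctx = { user: 'u-17', session: 's-42', inputs: { name } };
  let result;
  try {
    result = requestContext.run(ctx, () =>
      query("SELECT * FROM users WHERE name = '" + name + "'"));
  } catch (err) {
    result = err.message;
  }
  return { result, events, executed };
}

console.log(demo('alice').result);           // benign value passes through
console.log(demo("x' OR '1'='1").result);    // structural change is blocked
```

Passing `block: false` to `protect` gives the log-and-alert mode: the event still carries the user, session and parameter name, but the query runs.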
● Examples
- 01: A Contrast Protect agent blocking a SQL injection attempt against a Java service in production.
- 02: Imperva RASP stopping an insecure-deserialization payload on a .NET API.
● Frequently asked questions
What is RASP (Runtime Application Self-Protection)?
A defense embedded inside a running application that monitors execution context and blocks malicious behavior, such as injection or deserialization attacks, in real time. It belongs to the Application Security category of cybersecurity.
How do you defend against RASP (Runtime Application Self-Protection)?
Defences for RASP (Runtime Application Self-Protection) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for RASP (Runtime Application Self-Protection)?
Common alternative names include: Runtime protection.