What’s Wrong with RASP
RASP or “Runtime Application Self-Protection” is a new darling of the security industry. Its promise is to have applications look after their own security needs, detecting and preventing attacks on their code and data without outside help, automatically adapting, reconfiguring, and protecting themselves. RASP’s ability to identify vulnerabilities in source code is definitely beneficial. In addition, it can help increase security share-of-mind in development teams, which is often a good thing. Indeed, RASP accessing an application control flow graph may be well positioned to handle custom data formats and perform deep packet inspection.
Download this whitepaper to find the limitations and shortcomings of RASP from issues with coverage and blind spots to performance impact.