WP RASP Market Leader | Secure all Applications by Default | Imperva

Home > Application Security > Runtime Application Self-Protection (RASP) 

Runtime Application Self-Protection (RASP)

Imperva RASP protects your applications from the inside out.

Schedule Demo
image description

Protect applications from within

Application risk reduction

risk reduction icon

RASP protects your application from vulnerabilities so that your teams can focus on business logic, without leaving your application exposed to potential exploitation

Security as business transforms

scalable icon

With fading controls and ephemeral workloads, cloud native applications need more than just perimeter security. RASP provides security from within and goes wherever your application goes

RASP Attack Detection

Built into the application runtime environment, RASP is capable of detecting and preventing attacks real-time

  • Protection against zero-day attacks.
  • No tuning, highly-accurate out-of-the-box.
  • Protects against OWASP top 10 vulnerabilities.
Schedule DemoorLearn More

What does RASP protect against?

Attacks

  • Clickjacking
  • HTTP Response Splitting
  • HTTP Method Tampering
  • Large Requests
  • Malformed Content Types
  • Path Traversal
  • Unvalidated Redirects
  • Software Supply Chain Attacks

Injections

  • Command Injection
  • Cross-Site Scripting image description
  • Cross-Site Request Forgery image description
  • CSS & HTML Injection image description
  • Database Access Violation
  • JSON & XML Injection image description
  • OGNL Injection image description
  • SQL Injection image description

Weaknesses

  • Insecure Cookies & Transport image description
  • Logging Sensitive Information
  • Unauthorized Network Activity
  • Uncaught Exceptions
  • Vulnerable Dependencies image description
  • Weak Authentication image description
  • Weak Browser Caching
  • Weak Cryptography image description
Schedule DemoorLearn More

WAF + RASP = Defense in Depth

web application firewall icon

WAF

For known exploit payloads

Attacks
DDoS, malicious bots, script kiddies
Threats
External/untrusted
rasp icon

RASP

For unknown payloads

Attacks
Obfuscated, context-dependent, Zero-day
Threats
External/untrusted, Trusted insider, partners
zeto day protection

Zero-day protection

Using patented grammar-based techniques, RASP allows applications to defend themselves without signatures or patches- providing security by default and sparing you the operational costs of off-cycle 0-day patching.

Learn about Zero-day exploits
cloud native application protection icon

Cloud native application protection

With fading controls and ephemeral workloads, cloud native applications need more than just perimeter security. RASP provides security from within and goes wherever your application goes.

Learn more
insider threat protection

Insider threat protection

Attached to the runtime, RASP sees east-west traffic within applications even from careless and malicious insiders.

Learn more

Attack Visibility

  • Pre-correlated Intelligence Everything in one place.
  • Attack Classification Category, Event, Severity
  • Network HTTP Request, HTTP Response, IP Addresses, Hosts Info
  • Application User session, code execution, Filename, Line Number
  • Operating System File reads/writes, Process Execution
  • Database Query Execution, Modified Rows via Exeuction
logging and visibility
logging and visibility

Runtimes

Databases

Insights & SIEMs

RASP goes everywhere and works anywhere

  • browser

    Active Applications
  • time

    Legacy Applications
  • ldap authentication

    3rd Party Applications
  • apps microservices

    APIs & Microservices
  • multi cloud

    Cloud Applications
  • web proxy

    Container & VMs

Additional Resources

Watch Next

wafandrasp1 1

Imperva WAF & RASP

Discover in this video how you can succeed in fine-tuning your Imperva WAF when coupled with Imperva’s RASP.

related resources
shutterfly logo 1
Case_studyShutterfly
Webinar-RASP has WAF's back
WebinarRASP has your WAF’s back: Protect against zero days by default
From our blog
A ribbon on metal plates that are attached together
The Battle Against Business Logic Attacks: Why Traditional Security Tools Fall Short
Kelsey WiniarskiJul 114min read
New MOVEit vulnerability CVE-2023-36934 blocked by Imperva
Gabi Stapel, Muly LevyJul 101min read
Related products
Web Application Firewall (WAF)