Protect applications from within
Application risk reduction
RASP protects your application from vulnerabilities so that your teams can focus on business logic, without leaving your application exposed to potential exploitation
Security as business transforms
With fading controls and ephemeral workloads, cloud native applications need more than just perimeter security. RASP provides security from within and goes wherever your application goes
RASP Attack Detection
Built into the application runtime environment, RASP is capable of detecting and preventing attacks real-time
- Protection against zero-day attacks.
- No tuning, highly-accurate out-of-the-box.
- Protects against OWASP top 10 vulnerabilities.
What does RASP protect against?
Attacks
- Clickjacking
- HTTP Response Splitting
- HTTP Method Tampering
- Large Requests
- Malformed Content Types
- Path Traversal
- Unvalidated Redirects
- Software Supply Chain Attacks
Injections
- Command Injection
- Cross-Site Scripting
- Cross-Site Request Forgery
- CSS & HTML Injection
- Database Access Violation
- JSON & XML Injection
- OGNL Injection
- SQL Injection
Weaknesses
- Insecure Cookies & Transport
- Logging Sensitive Information
- Unauthorized Network Activity
- Uncaught Exceptions
- Vulnerable Dependencies
- Weak Authentication
- Weak Browser Caching
- Weak Cryptography
WAF + RASP = Defense in Depth
WAF
For known exploit payloads
RASP
For unknown payloads
Attack Visibility
- Pre-correlated Intelligence Everything in one place.
- Attack Classification Category, Event, Severity
- Network HTTP Request, HTTP Response, IP Addresses, Hosts Info
- Application User session, code execution, Filename, Line Number
- Operating System File reads/writes, Process Execution
- Database Query Execution, Modified Rows via Exeuction


Runtimes

Databases
Insights & SIEMs
AARP
AARP approached Prevoty (now part of Imperva) for a RASP solution to protect the organization’s Amazon Web Services (AWS) hosted applications from attacks in its production environments
- Evaluation
Technology nimble enough to accommodate future architectural changes
- Seamless integration
RASP integrates itself into development pipeline and automated workflows easily
- Permanent patching
RASP fills security gaps in stacks that leave applications vulnerable at runtime
- Results
Applications deployed faster, at scale, and with security onboard
AARP is always looking beyond conventional information security controls and the rapid implementation of RASP enabled us to instill confidence that we are exceptional stewards in protecting member data.
Saffet Ozdemir VP of Information Security Full Customer Story
-
Active Applications
-
Legacy Applications
-
3rd Party Applications
-
APIs & Microservices
-
Cloud Applications
-
Container & VMs

