Imperva
Request DemoRequest DemoFlexprotect plans
LoginCloud Security ConsoleBot Management ConsoleRASP Console
EnglishDeutsch日本語中文
  • Products
        Application Security
      • Web Application Firewall
      • Runtime Application Self-Protection
      • API Security
      • Advanced Bot Protection
      • Attack Analytics
      • Client-Side Protection
        Data Security
      • Cloud Data Security
      • Database Security
      • Data Risk Analytics
        Edge Security
      • DDoS Protection
      • Secure CDN
    Flexible and predictable licensing to secure your data and applications on-premises and in the cloud. Explore FlexProtect Plans
  • Solutions
        Cloud Security
      • Amazon Web Services (AWS)
      • Microsoft Azure
      • Google Cloud Platform (GCP)
        Industries
      • Healthcare
      • Financial Services
      • Telecom & ISPs
      • Retail
    During 2019, 80% of organizations have experienced at least one successful cyber attack. Read the Report
  • Explore FlexProtect
      • FlexProtect Plans
      • Simplifying our Portfolio
  • Support
      • Technical Support
      • Services
      • Imperva University
      • Community
      • Documentation
      • EOL Policy
      • On-Premises Support Portal
      • Cloud Security Support Portal
      • Bot Management Support Portal
      • RASP Support Portal
  • Partners
      • Imperva Partner Ecosystem
      • Channel Partners
      • Technology Alliances
      • Find a Partner
      • Partner Portal Login
  • Customers
  • Resources
      • Customer Stories
      • Imperva Research Labs
      • Resource Library
      • Free Tools
      • Cyber Threat Index
      • Blog
  • Research Labs
      • Imperva Research Labs
      • Cyber Threat Index
      • Cyber Threat Attack Map
  • About Us
      • Who We Are
      • Press & Awards
      • Events
      • Locations
      • Careers
  • Login
      • Login
      • Cloud Security Console
      • Bot Management Console
      • RASP Console
  • Languages
      • English
      • Deutsch
      • 日本語
      • 中文

Home > Runtime Application Self-Protection (RASP) 

Runtime Application Self-Protection (RASP)

Imperva RASP protects your applications from the inside out.

Security by default

  • Embedded security within the application
  • Fewer worries about legacy code
  • Zero-day protection for 3rd party code
  • Faster deployments with greater confidence
  • Recommended in latest NIST Framework draft
Request DemoWatch Video
dot1
dot2
dot3
dot4
dot5
dot6
dot7
dot8
dot9

Protect applications from within

reducing risk

Application risk reduction

RASP protects your application from vulnerabilities so your teams can focus on business logic than drown in security technical debt while not leaving your application exposed to potential exploitation

scalable

Security as business transforms

With fading controls and ephemeral workloads, cloud native applications need more than just perimeter security. RASP provides security from within and goes wherever your application goes

RASP Attack Detection

Built into the application runtime environment, RASP is capable of detecting and preventing attacks real-time

  • Protection against zero-day attacks.
  • No tuning, highly-accurate out-of-the-box.
  • Protects against OWASP top 10 vulnerabilities.
Request Demo or Learn More

What does RASP protect against?

Attacks

  • Clickjacking
  • HTTP Response Splitting
  • HTTP Method Tampering
  • Large Requests
  • Malformed Content Types
  • Path Traversal
  • Unvalidated Redirects
  • Software Supply Chain Attacks

Injections

  • Command Injection
  • Cross-Site Scripting image description
  • Cross-Site Request Forgery image description
  • CSS & HTML Injection image description
  • Database Access Violation
  • JSON & XML Injection image description
  • OGNL Injection image description
  • SQL Injection image description

Weaknesses

  • Insecure Cookies & Transport image description
  • Logging Sensitive Information
  • Unauthorized Network Activity
  • Uncaught Exceptions
  • Vulnerable Dependencies image description
  • Weak Authentication image description
  • Weak Browser Caching
  • Weak Crpytography image description

WAF + RASP = Defense in Depth

web application firewall

WAF

For known exploit payloads

  • Attacks DDoS, malicious bots,
    script kiddies
  • Threats External/untrusted
rasp 2

RASP

For unknown payloads

  • Attacks obfuscated, context-dependent, Zero-day
  • Threats External/untrusted,
    Trusted insider, partners
attack threat

Zero-day protection

Using patented grammar-based techniques, RASP allows applications to defend themselves without signatures or patches- providing security by default and sparing you the operational costs of off-cycle 0-day patching.

Learn more about Zero-day exploits
cloud security

Cloud native application protection

With fading controls and ephemeral workloads, cloud native applications need more than just perimeter security. RASP provides security from within and goes wherever your application goes

Learn more about this topic
insider threat 1

Insider threat protection

Attached to the runtime, RASP sees east-west traffic within applications even from careless and malicious insiders

Learn more about this topic

Attack Visibility

  • Logging & Visibility
  • Supported Platforms
Logging & Visibility
  • Pre-correlated Intelligence Everything in one place.
  • Attack Classification Category, Event, Severity
  • Network HTTP Request, HTTP Response, IP Addresses, Hosts Info
  • Application User session, code execution, Filename, Line Number
  • Operating System File reads/writes, Process Execution
  • Database Query Execution, Modified Rows via Exeuction
group 8
Supported Platforms
time Runtimes
  • 412 px java programming language logo svg
  • 1075 px microsoft net logo svg
  • Node JS 01
  • Microsoft Dotnet 01
database 1 Databases
  • 1262 px microsoft sql server logo svg
  • mysql logo
  • postgresql logo 1
  • group 25
  • ibm db 2 logo 249 a 8 d 320 f seeklogo com
analytics and insights Insights & SIEMs
  • 129 1298432 splunk icon free png and svg download carnival
  • arcsight
  • group 26
  • IBM radar logo
  • group 24
Case Study

AARP

AARP approached Prevoty (now part of Imperva) for a RASP solution to protect the organization’s Amazon Web Services (AWS) hosted applications from attacks in its production environments

  • Evaluation

    Technology nimble enough to accommodate future architectural changes

  • Seamless integration

    RASP integrates itself into development pipeline and automated workflows easily

  • Permanent patching

    RASP fills security gaps in stacks that leave applications vulnerable at runtime

  • Results

    Applications deployed faster, at scale, and with security onboard

“AARP is always looking beyond conventional information security controls and the rapid implementation of RASP enabled us to instill confidence that we are exceptional stewards in protecting member data.”

Saffet Ozdemir VP of Information Security
aarp 1
Full Customer Story→

RASP goes everywhere and works anywhere

  • browser

    Active Applications

  • time 1

    Legacy Applications

  • ldap authentication

    3rd Party Applications

  • apps microservices 3

    APIs & Microservices

  • multi cloud 1

    Cloud Applications

  • web proxy

    Container & VMs

See how we can help you secure your web applications and data.

Request Demo
imperva cyber security demo light imperva cyber security mobile demo mobile light

Additional Resources

Watch Next

RASP works 1

How Imperva RASP works?

Short explainer video on RASP

wafandrasp1 1

Imperva WAF & RASP

Discover in this video how you can succeed in fine-tuning your Imperva WAF when coupled with Imperva’s RASP.

read next
Webinar-RASP has WAF's back
WebinarsRASP has your WAF’s back: Protect against zero days by default
aarp company logo 1
Case_studyAARP
Serverless Protection for AWS
DatasheetsServerless Protection for AWS
From our blog
Impervax2 GMQ2020 WebsiteAssets BlogMainImage 944x350@2x 1
Imperva A Seven-Time Magic Quadrant Leader and Named Highest for Completeness of Vision for WAF
Matthew Hathaway■Oct 21■2min read
KashmirBlack1 featured
CrimeOps of the KashmirBlack Botnet - Part I
Ofir Shaty, Sarit Yerushalmi■Oct 22■10min read
Related products
Web Application Firewall (WAF)
FlexProtect Plans
Imperva
Partners
  • Imperva Partner Ecosystem
  • Channel Partners
  • Technology Alliances
  • Find a Partner
  • Partner Portal Login
Resources
  • Imperva Blog
  • Resource Library
  • Case Studies
  • Learning Center
  • Industry Solutions
About Us
  • Who We Are
  • Press & Awards
  • Events
  • Partners
  • Careers
Contact

+1 (866) 926-4678
or Contact Us

Network
  • Network Map
  • System Status
Support
  • Emergency DDoS Protection
  • WAF Gateway & Data Security
  • Cloud Application Security
  • Imperva Community
  • Documentation Portal
  • API Integration
Languages
  • English
  • Deutsch
  • 日本語
  • 中文
Follow us

Copyright © 2021 Imperva. All rights reserved    Cookie Policy     Privacy and Legal     Modern Slavery Statement.

Start your free demo

“Imperva prevented 10,000 attacks in the first 4 hours of Black Friday weekend with no latency to our online customers.”

Top 3 US Retailer

Thank you!

envelope

An Imperva security specialist will contact you shortly.