
Runtime application self-protection (rasp): self-cultivation of application security

2022-06-23 13:31:00 InfoQ

Applications have become a favourite target for attackers trying to break into an enterprise, because they know that if they can find and exploit a vulnerability in an application they have better than a one-in-three chance of a successful intrusion. Worse, the odds of finding such a vulnerability are high. A Contrast Security survey found that 90% of applications are not tested for vulnerabilities during development and quality assurance, and a considerable number are not protected in production either.

Because enterprises run many vulnerable applications, the security team's challenge is how to protect them from attack. One approach is to let applications protect themselves by identifying and blocking attacks in real time; this is called runtime application self-protection (RASP).

What is?  RASP ?


Runtime application self-protection (RASP) is a concept Gartner introduced in 2012. It is a security technology that lets enterprises stop attackers from compromising their applications and data.
RASP is typically built into an application or its runtime environment, where it can control the application's execution, detect vulnerabilities and block attacks in real time.

Once the application is running, RASP protects it from malicious input or behaviour by analysing what the application does and the context in which it does it. Because the application continuously inspects its own behaviour, attacks can be identified and mitigated immediately, without human intervention.

Wherever RASP resides on the server, it builds security into the running application. It intercepts every call the application makes to the system, verifies that each one is safe, and validates data requests directly inside the application. Both web and non-web applications can be protected by RASP. The technique does not affect the application's design, because RASP's detection and protection functions run on the same server as the application.

Why?  RASP  So important ?


Intrusion prevention systems (IPS) and web application firewalls (WAF) are the technologies usually used to protect applications at runtime, but they work inline, inspecting network traffic and content. Because they analyse traffic to and from applications and user sessions, they cannot see how that traffic and data are handled inside the application. Their protections often lack the precision needed to terminate a session with confidence, so they consume a great deal of the security team's bandwidth and are frequently used only for alerting and log collection. What is needed is a new class of application protection, RASP, that lives inside the runtime environment of the application it protects.

Security challenges facing applications


When protecting web applications and APIs you will usually face the following four security challenges:

1. Real attacks are hard to identify.
Every application has its own unique vulnerabilities, each exploitable only by a particular attack. An HTTP request that is completely harmless to one application can be devastating to another. In addition, data as it appears on the wire may differ from how it appears inside the application (the so-called "impedance mismatch" problem).

2. Modern applications (especially APIs) use complex formats
such as JSON, XML, serialized objects and custom binary formats. Requests arrive over protocols other than HTTP, WebSocket among them, and originate from JavaScript, rich clients, mobile applications and many other sources.

3. Traditional defences are ineffective.
A WAF analyses HTTP traffic before it reaches the application server and is completely independent of the application. Although most large organisations have a WAF, many lack the dedicated team needed to tune and maintain it, which leaves it in "logging mode" only.

4. Software is evolving rapidly; containers, IaaS, PaaS, virtual machines and elastic environments are all seeing explosive growth.
These technologies let applications and APIs be deployed quickly, but they also expose code to new vulnerabilities. DevOps has likewise accelerated integration, deployment and delivery, making it harder to keep software secure during rapid development.

Fortunately, runtime application self-protection (RASP) can solve many of these problems.

RASP  How it works


When a security event occurs in an application, RASP takes control of the application and deals with the problem. In diagnostic mode, RASP only raises an alert about the problem. In protection mode, it tries to block the offending instruction; for example, it can stop an instruction that looks like a SQL injection attack from executing against the database.

Other actions RASP can take include terminating the user's session, stopping the application, or sending an alert to the user or to security staff.

Developers can implement RASP in several ways. They can invoke the technology through function calls embedded in the application's source code, or they can wrap the entire application in a wrapper so that it can be protected at the push of a button. The first method is more precise, because developers can decide which parts of the application they want to protect, for example login, database queries and administrative functions.

Either way, the end result is a firewall-like layer bound to the application's runtime environment. This closeness to the application means RASP can be tuned much more finely to the application's security needs.
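To make the diagnostic-versus-protection behaviour and the "looks like SQL injection" decision concrete, here is an added Python example; it is not code from the article or from any RASP product. It assumes a small regex tokenizer, an in-memory SQLite database and a begin_request() call that stands in for the request-boundary taint tracking a real agent performs. The rule it applies is the structural one RASP engines commonly use: an untrusted value that ends up spanning more than one token of the final statement has changed the query's structure, whereas a value that stays inside a single literal has not.

```python
import re
import sqlite3
import threading

# Minimal SQL tokenizer. A real agent uses a full lexer for the target
# dialect; this is enough to separate literals, comments, words and punctuation.
TOKEN_RE = re.compile(r"""
    (?P<string>'(?:[^']|'')*')          # single-quoted literal ('' escapes ')
  | (?P<comment>--[^\n]*|/\*.*?\*/)      # line or block comment
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)     # identifier or keyword
  | (?P<punct>\S)                        # any other non-space character
""", re.VERBOSE | re.DOTALL)


def tokenize(sql):
    """Return (kind, start, end) for every token in the statement."""
    return [(m.lastgroup, m.start(), m.end()) for m in TOKEN_RE.finditer(sql)]


def input_changes_structure(sql, value):
    """True when an untrusted value overlaps two or more tokens of the final
    statement, i.e. it escaped its literal and rewrote the query's structure."""
    if not value:
        return False
    tokens = tokenize(sql)
    start = sql.find(value)
    while start != -1:
        end = start + len(value)
        overlapping = [t for t in tokens if t[1] < end and t[2] > start]
        if len(overlapping) > 1:
            return True
        start = sql.find(value, start + 1)
    return False


class RaspBlocked(Exception):
    """Raised in protect mode when a statement is judged to be an attack."""


class Rasp:
    DIAGNOSTIC = "diagnostic"   # alert only, let the statement run
    PROTECT = "protect"         # alert and block the statement

    def __init__(self, mode):
        self.mode = mode
        self.events = []        # (event, sql, tainted value)
        self._local = threading.local()

    def begin_request(self, **params):
        """Record the untrusted inputs of the current request (assumed stand-in
        for the taint tracking a real agent does at the HTTP boundary)."""
        self._local.tainted = list(params.values())

    def check_sql(self, sql):
        for value in getattr(self._local, "tainted", []):
            if input_changes_structure(sql, value):
                self.events.append(("sql_injection", sql, value))
                if self.mode == self.PROTECT:
                    raise RaspBlocked(f"blocked SQL injection via {value!r}")
                return

    def guarded_cursor(self, conn):
        """Hook the database call site: every execute() passes through
        check_sql() before SQLite sees it. The application code is not edited."""
        rasp = self

        class GuardedCursor(sqlite3.Cursor):
            def execute(self, sql, params=()):
                rasp.check_sql(sql)
                return super().execute(sql, params)

        return conn.cursor(factory=GuardedCursor)


def run_scenario(mode):
    """Drive a deliberately vulnerable lookup with one legitimate and one
    malicious input. Returns (legit rows, attack rows or None, blocked, events)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    rasp = Rasp(mode)
    cur = rasp.guarded_cursor(conn)

    def lookup(name):
        rasp.begin_request(name=name)
        # Vulnerable on purpose: string formatting instead of a bound parameter.
        cur.execute(f"SELECT name FROM users WHERE name = '{name}'")
        return [row[0] for row in cur.fetchall()]

    legit = lookup("alice")
    try:
        attack = lookup("' OR '1'='1")
        blocked = False
    except RaspBlocked:
        attack, blocked = None, True
    return legit, attack, blocked, len(rasp.events)
```

run_scenario(Rasp.DIAGNOSTIC) lets the injected query run (it returns both rows) but records an event; run_scenario(Rasp.PROTECT) raises RaspBlocked before SQLite executes the same statement. The hook lives in the cursor, so the vulnerable lookup() is never modified. The substring-based taint matching is the simplification here: a production agent propagates taint through string operations rather than searching for the raw value, and so is not fooled by inputs that are transformed before reaching the query.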

RASP  Major advantages


RASP is unique in that it works inside the software rather than as a network appliance. This lets RASP use all the context available from the running application and its APIs, including the code itself, framework configuration, application server configuration, libraries and frameworks, runtime data flow, runtime control flow, back-end connections and more. More context means broader protection and better accuracy.

RASP costs less
  • RASP solutions can block attacks quickly and efficiently until the underlying vulnerability is fixed
  • Compared with a WAF, they are cheaper to deploy and to operate
  • They are deployed on existing servers, avoiding additional hardware
  • Because RASP looks at what the application actually does, it needs none of the tuning, model building, verification or staffing a WAF requires

RASP's accuracy means applications are better protected
Protecting applications from attack has usually meant trying to block attacks at the network level. But traditional methods are inherently imprecise when it comes to understanding application behaviour, because they sit outside the application. Network-based application security products also generate many false positives and need constant tuning. Over the past 25 years network protection has moved ever closer to the application, from firewalls to intrusion prevention systems to the WAF. With RASP, security moves directly into the application.
  • RASP instrumentation provides a level of accuracy traditional methods cannot achieve
  • It puts application security truly inside the application
  • Higher accuracy lets enterprises confidently protect more data and applications with fewer resources

RASP can be used in the cloud and with DevOps
  • RASP works well with agile development, cloud applications and web services
  • Unlike WAF solutions that need constant tuning, it speeds up agile development by providing protection without rework
  • RASP protects applications faster and more accurately
  • Whether in the cloud or on premises, RASP scales seamlessly as applications grow or shrink
  • A RASP-enabled application does not care whether the attack arrives through an API or through the user interface

RASP provides unprecedented monitoring
  • RASP simplifies application security monitoring by instrumenting the entire application
  • RASP policies can be created to generate log events when relevant parts of the application are reached or other conditions are met (login, transactions, permission changes, data manipulation and so on)
  • Policies can be added and removed as needed
  • With RASP, all of this application logging can be achieved without modifying the application's source code or redeploying it
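The policy-driven instrumentation this list describes, as an added Python example (not code from the article or from any RASP product): a monitor installs and removes logging policies at runtime by replacing the target function on its module, so the application's own code is never edited or redeployed. The sample_app module, its login() and change_role() functions and the policy class are constructed for the example.

```python
import functools
import types


class RaspPolicy:
    """One monitoring policy: hook `function` in `module` and emit `event`
    when `condition(args, kwargs, result)` is true (None means always)."""

    def __init__(self, module, function, event, condition=None):
        self.module = module
        self.function = function
        self.event = event
        self.condition = condition


class RaspMonitor:
    """Installs and removes policies at runtime by swapping the target
    function on its module; the original is kept so the hook can be removed."""

    def __init__(self):
        self.events = []
        self._originals = {}    # (module, function name) -> original callable

    def add_policy(self, policy):
        original = getattr(policy.module, policy.function)
        monitor = self

        @functools.wraps(original)
        def hooked(*args, **kwargs):
            result = original(*args, **kwargs)
            if policy.condition is None or policy.condition(args, kwargs, result):
                monitor.events.append({"event": policy.event, "args": args,
                                       "kwargs": kwargs, "result": result})
            return result

        self._originals[(policy.module, policy.function)] = original
        setattr(policy.module, policy.function, hooked)

    def remove_policy(self, policy):
        original = self._originals.pop((policy.module, policy.function))
        setattr(policy.module, policy.function, original)


def build_sample_app():
    """Constructed stand-in for the application's own module."""
    app = types.ModuleType("sample_app")

    def login(user, password):
        return password == "s3cret"        # toy check, not a real credential store

    def change_role(user, role):
        return {"user": user, "role": role}

    app.login = login
    app.change_role = change_role
    return app


def run_monitor_demo():
    """Install two policies, exercise the app, then drop one policy again.
    Returns the names of the events generated, in order."""
    app = build_sample_app()
    monitor = RaspMonitor()
    failed_login = RaspPolicy(app, "login", "login_failed",
                              condition=lambda args, kwargs, result: result is False)
    role_change = RaspPolicy(app, "change_role", "permission_change")
    monitor.add_policy(failed_login)
    monitor.add_policy(role_change)

    app.login("alice", "s3cret")        # success: no event
    app.login("alice", "wrong")         # failure: login_failed
    app.change_role("alice", "admin")   # permission_change
    monitor.remove_policy(role_change)
    app.change_role("bob", "admin")     # policy removed: no event
    return [e["event"] for e in monitor.events]
```

run_monitor_demo() returns ["login_failed", "permission_change"]: the successful login and the role change made after the policy was removed produce nothing. The caveat is that attribute replacement only catches callers that resolve the function through the module at call time (app.login(...)); code that bound the function earlier with `from app import login` keeps the unhooked original, which is why commercial agents instrument at the bytecode or JVM level instead.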

RASP excels at providing visibility into application-layer attacks
  • RASP continuously reports who is attacking you and the techniques they use, and tells you which applications or data assets are being targeted
  • Beyond the full HTTP request details, RASP also provides application details, including the exact line of code associated with the vulnerability, precise back-end connection details (such as the SQL query), transaction information and the currently logged-in user
  • With RASP, software development teams get immediate visibility that helps them prioritise work and act on security defences

Because RASP is not a hardware box, it can be deployed easily in any environment and stops attacks quickly, finally letting the application defend itself in real time.

Self protecting applications will become a reality


When an attacker breaches the perimeter defences, RASP still protects. It has insight into the application's logic, configuration and flow of data events, so RASP can thwart attacks with high accuracy. It can distinguish real attacks from legitimate requests for information, which reduces false positives and lets defenders spend their time on real problems instead of chasing dead ends.

In addition, its ability to self-protect application data means data is protected from creation to destruction. This is especially useful for businesses that must meet compliance requirements, because self-protected data is unreadable to an attacker. In some cases, if the stolen data is rendered unreadable at the moment it is stolen, regulators do not even require the company to report the breach.

Like a WAF, RASP does not fix the application's source code, but it does integrate with the application's underlying code base and protects vulnerable areas of the application at the code level.

Because RASP is still in its infancy, its shortcomings will be overcome as it develops, and it may well become the future of application security. As Veracode Chief Innovation Officer Joseph Feiman observed while he was a Gartner research vice president: "Modern security cannot test and protect all applications. Therefore, applications must be able to protect themselves: self-test, self-diagnose and self-protect. This should be a top priority for CISOs."

Reference link:
Maverick Research: Stop Protecting Your Apps; It's Time for Apps to Protect Themselves (Gartner):
https://www.gartner.com/en/documents/2856020
