Runtime application self-protection, or RASP, is a security approach in which an application or embedded component monitors and helps block malicious activity during execution. It matters because some attacks are best detected with visibility from inside the running application.
What is Runtime Application Self-Protection (RASP)?
RASP technologies work inside or closely alongside an application at runtime, watching how it processes requests, data, and code paths. They may help detect or block behaviors associated with attacks such as injection, command abuse, or unsafe execution flows.
What RASP Commonly Helps With
Common use cases include runtime detection, request inspection, application-aware blocking, and providing deeper context around active exploitation attempts.
RASP vs. WAF
A WAF sits in front of an application and filters web traffic. RASP works from inside or very near the application and can see runtime behavior with more internal context.
Frequently Asked Questions
Why do teams consider RASP?
Because internal application context can improve detection quality for certain kinds of runtime attacks.
Does RASP replace secure coding?
No. It can add protection and visibility, but secure design and testing still matter.
