Runtime Application Self-Protection (RASP)
Imperva RASP keeps applications safe by default
Applications are primary targets of cyberattacks because they handle a variety of personal data, intellectual property, financial information, and other critical data. According to the Verizon Data Breach Investigation Report 2019, targeted attacks on web applications have been the most likely starting point for triggering a breach of data security for several years. Many traditional application security tools cannot protect companies from attack because they rely primarily on signatures and rules that are easy to bypass. They cause performance degradation, have difficulty stopping zero-day attacks, suffer from high false-positive rates, and lack real-time context and transparency. Imperva believes that securing applications requires radical thinking: applications must defend themselves.
Imperva runtime application self-protection = standard security.
- RASP-protected applications in production are safe by default , regardless of where and how they are used.
- RASP gives you time to fix and patch vulnerabilities because your applications are secure, regardless of latent vulnerabilities in original or third-party software.
- A new context-enhanced perspective of security from the inside of your apps with unprecedented transparency about application attacks, events and risks.
- More efficient lifecycle of secure software development (SSDLC) and vulnerability management using real attack-based risk management.
Imperva RASP protects against:
- Command injection
- Cross-Site-Scripting (XSS)
- Cross-website falsification (CSRF/ XSRF)
- Database access violation (enhanced SQLi)
- Manipulation of the HTTP method
- HTTP response division
- Unsafe cookies
- Big inquiries
- Log sensitive information
- Misformed content types
- Path Traversal
- Unsafe transport protocol
- Unauthorized network activity
- Unsafe transportation
- Unwanted exceptions
- Inquiries not validated
- Vulnerable dependencies
- Weak authentication
- Weak browser cache management
- Weak cryptography and encryption
- XML External Entity Injection (XXE)