Runtime Application Self Protection (RASP) is a next-generation cyber security technology designed to redress some of the weak points of application security. Unlike firewalls or code analysis, runtime-based technologies contain application data and contextual awareness, enabling them to be both precise and preemptive.

In this article I introduce RASP. I’ll briefly compare RASP to other cyber security techniques and explain the factors that enable a runtime-based security solution to fend off common forms of cyberattack, including command injection, cross-site scripting, and SQL injection. I’ll also introduce the characteristics of different RASP implementations and briefly discuss existing RASP solutions for Java-based applications.