The reality of today’s world is that there is no clear perimeter to an organization’s information systems. That means that controlling the network edge is no longer the way to effectively secure web applications or an entire system. Access control, which was once the gold standard for protection, is no longer enough.
Because of their complexity, the best practice for securing web applications is to understand what normal, trusted activity looks like, so you can identify anomalies and threats. The way to do this is to monitor the application’s health.
Web applications and web services differ widely in function and in the data they handle. Yet they share commonalities, because standardized communication protocols separate the data, the logic (tools and processes), and the presentation of the data to the end user. These commonalities enable security teams to build stronger defenses for their apps.
Most of the sensitive data accessed by web apps is stored in a database, to which authorized users are given access. Unfortunately, databases are highly vulnerable to manipulation, especially when there are coding errors or the developers did not follow secure coding guidelines. Databases are particularly vulnerable to SQL injection threats.
Runtime application self-protection (RASP) technology enables monitoring of the runtime parameters related to database access, both before deployment and during full operations. When you are able to monitor this in the staging environment, you can identify and reduce some risks before deployment. There are, however, limits to how many vulnerabilities can be identified in staging. So it is critical to be able to identify vulnerabilities and protect the database during operations, until the errors and vulnerabilities can be fixed. RASP protects your database throughout.
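To make the database-monitoring idea concrete, here is an added example (not code from the original article or from any RASP product) of the structural check a runtime monitor can apply to a SQL statement: the statement built from the real runtime values is compared, token kind by token kind, against the same statement built from harmless placeholder values. Input that stays inside its literal leaves the structure unchanged; input that breaks out of the literal adds keywords, operators or comments and is flagged. The lexer, the `{name}` template convention and the sample statements are constructed for this example, and the check is deliberately simplified: a real RASP agent hooks the database driver rather than a formatting template.

```python
import re
from typing import Dict, List

# Minimal SQL lexer for this example (constructed; not a full SQL grammar).
# Each alternative is a named group, so m.lastgroup tells us the token kind.
_TOKEN_RE = re.compile(
    r"""
    (?P<ws>\s+)
  | (?P<comment>--[^\n]*|/\*.*?\*/)
  | (?P<string>'(?:[^']|'')*')
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<ident>[A-Za-z_][A-Za-z_0-9]*)
  | (?P<op><=|>=|<>|!=|[=<>+\-*/(),;.])
    """,
    re.VERBOSE | re.DOTALL,
)


def tokenize(sql: str) -> List[str]:
    """Return the sequence of token kinds (whitespace skipped); unmatched chars count as 'other'."""
    kinds: List[str] = []
    pos = 0
    while pos < len(sql):
        m = _TOKEN_RE.match(sql, pos)
        if m is None:
            kinds.append("other")
            pos += 1
            continue
        if m.lastgroup != "ws":
            kinds.append(m.lastgroup)
        pos = m.end()
    return kinds


def _benign(value: str) -> str:
    # Placeholder of the same token kind as a well-formed value of that type,
    # so numeric parameters are compared against a number, not an identifier.
    return "0" if value.isdigit() else "x"


def check_statement(template: str, params: Dict[str, str]) -> Dict[str, object]:
    """Compare the token structure of the real statement with a baseline built
    from harmless placeholder values. A changed structure means the parameter
    altered the statement's logic rather than just its data."""
    baseline = template.format(**{name: _benign(value) for name, value in params.items()})
    statement = template.format(**params)
    expected = tokenize(baseline)
    actual = tokenize(statement)
    return {
        "statement": statement,
        "structure_preserved": expected == actual,
        "expected_tokens": len(expected),
        "actual_tokens": len(actual),
    }


# Constructed template: the application fills {name} and {active} by string formatting.
TEMPLATE = "SELECT id, name FROM users WHERE name = '{name}' AND active = {active}"

if __name__ == "__main__":
    samples = [
        {"name": "alice", "active": "1"},          # ordinary input
        {"name": "O''Brien", "active": "1"},       # quote already escaped by the application
        {"name": "' OR '1'='1", "active": "1"},    # breaks out of the literal
        {"name": "alice'--", "active": "1"},       # truncates the rest of the statement
    ]
    for params in samples:
        result = check_statement(TEMPLATE, params)
        status = "ok  " if result["structure_preserved"] else "FLAG"
        print(f"{status} {result['statement']}")
```

Run in staging, the flagged cases point at the code path that builds statements from unvalidated input; run in production, the same comparison gives the monitor a trigger to block or alert on until the code is fixed.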
Sensitive data, like configuration files, permissions, and passwords, resides in the file system. The file system is susceptible to coding errors and to issues with third-party components. This area of the application is likely to see directory and file traversal and authorization vulnerabilities.
RASP technology allows you to monitor runtime execution by defining a safe zone for read access, write access, or both, which can include specific files, file types and the directory structure. Every read or write outside the safe zone needs to be reviewed and either approved or remediated.
The host system itself is a frequent attack target, especially in web applications that process user content, manage file libraries, and so on. Attackers attempt to execute processes and applications remotely, often from the command line.
Using RASP enables you to monitor remote execution to approve only selected executable commands and to detect and block anomalies.
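The file-system safe zones and the remote-execution allowlist described above come down to the same runtime decision: resolve what the application is actually about to touch or run, then compare it with a policy learned from normal operation. The following added example (not code from the original article or from any RASP product) shows both checks in one small policy object. It normalizes every requested path so that `..` segments are judged on the real target and a zone boundary is only honoured at a directory separator, and it allows a child process only when the program is allowlisted and the request carries no shell control operators. The `RuntimePolicy` class, the `/srv/app` layout and the sample requests are constructed for this example.

```python
import posixpath
import shlex
from dataclasses import dataclass, field
from typing import Dict, Set

# Tokens that hand control to a shell; any of these in an execution request is a policy violation.
_SHELL_CONTROL = {";", "|", "||", "&", "&&", "(", ")", "<", ">", ">>", "`"}


@dataclass
class RuntimePolicy:
    """Safe zones and executable allowlist, as learned from trusted activity (constructed here)."""
    read_zones: Set[str] = field(default_factory=set)
    write_zones: Set[str] = field(default_factory=set)
    allowed_commands: Set[str] = field(default_factory=set)


def resolve(path: str, cwd: str) -> str:
    """Make the path absolute and collapse '.' and '..' so traversal is judged on the real target."""
    return posixpath.normpath(posixpath.join(cwd, path))


def in_zone(resolved: str, zone: str) -> bool:
    zone = posixpath.normpath(zone)
    # Require a separator so '/srv/app/uploads_old' is not treated as inside '/srv/app/uploads'.
    return resolved == zone or resolved.startswith(zone + posixpath.sep)


def check_file_access(policy: RuntimePolicy, path: str, mode: str,
                      cwd: str = "/srv/app") -> Dict[str, object]:
    """Allow the access only if the resolved path lies in a safe zone for that mode."""
    if mode not in ("read", "write"):
        raise ValueError("mode must be 'read' or 'write'")
    resolved = resolve(path, cwd)
    zones = policy.read_zones if mode == "read" else policy.write_zones
    zone = next((z for z in zones if in_zone(resolved, z)), None)
    return {"allowed": zone is not None, "mode": mode, "path": resolved, "zone": zone}


def check_exec(policy: RuntimePolicy, cmdline: str) -> Dict[str, object]:
    """Allow execution only of allowlisted programs, with no shell control operators in the request."""
    # punctuation_chars=True makes shlex emit ';', '|', '&&', '(' ... as their own tokens.
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    try:
        argv = list(lexer)
    except ValueError as exc:  # e.g. an unbalanced quote
        return {"allowed": False, "executable": None, "reason": f"unparseable command line: {exc}"}
    if not argv:
        return {"allowed": False, "executable": None, "reason": "empty command line"}
    executable = posixpath.basename(argv[0])
    control = [tok for tok in argv if tok in _SHELL_CONTROL]
    if control:
        return {"allowed": False, "executable": executable,
                "reason": f"shell control operator {control[0]!r}"}
    if executable not in policy.allowed_commands:
        return {"allowed": False, "executable": executable, "reason": "executable not in allowlist"}
    return {"allowed": True, "executable": executable, "reason": "allowlisted"}


if __name__ == "__main__":
    # Constructed policy for a hypothetical app rooted at /srv/app.
    policy = RuntimePolicy(
        read_zones={"/srv/app/static", "/srv/app/templates"},
        write_zones={"/srv/app/uploads"},
        allowed_commands={"convert", "pdftotext"},
    )
    for path, mode in [("static/css/site.css", "read"),
                       ("uploads/../../../etc/passwd", "read"),
                       ("static/site.css", "write"),
                       ("/srv/app/uploads_old/x.png", "write")]:
        print(check_file_access(policy, path, mode))
    for cmd in ["convert uploads/avatar.png -resize 128x128 uploads/thumb.png",
                "convert a.png b.png && id",
                "bash -c 'id'"]:
        print(check_exec(policy, cmd))
```

Each denied result carries the resolved path or the offending token, which is exactly the detail the review step in the text needs: a legitimate access outside the zone is added to the policy, anything else is remediated in the code.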
Understanding regular and acceptable usage patterns is the best way to secure web applications in today’s threat environment. RASP takes advantage of the commonalities among most web apps, and works within the runtime environment, to be the most efficient, effective, and strongest defense of your web apps.