Name: Why All RASP Products Suck! (And Why They're Still the Future of AppSec)
Uploaded: 2023-06-10T16:00:00+00:00
Duration: 12 min 32 s
Description: In this final episode of the core product categories in the *Why All AppSec Products Suck* series, we dive into **RASP (Runtime Application Self-Protection)**—a promising yet complex solution that’s o

2 years ago

Technology AppSec Application Security Web Application Security Application Security Testing Application Security Basics AppSec Program Web security OWASP OWASP Top 10 cyber security

In this final episode of the core product categories in the *Why All AppSec Products Suck* series, we dive into **RASP (Runtime Application Self-Protection)**—a promising yet complex solution that’s often misunderstood. RASP tools sit inside your running app, observing and intercepting potential threats in real time, but their implementation and effectiveness come with important trade-offs.

🔍 **What you'll learn in this episode:**
- How RASP works: real-time defense from *inside* the app
- Why RASP is often better positioned than WAFs to stop threats
- Installation hurdles: agents, instrumentation, and dev-ops coordination
- Challenges with microservices, language support, and performance hits
- Why RASP should be part of your layered security—but not your only line of defense

---

⏱️ **Chapters:**
1. 00:00 – Series context and intro to RASP
2. 01:05 – What RASP is and how it compares to WAF
3. 03:10 – Pros and pitfalls of agent-based instrumentation
4. 05:15 – Stability and language support limitations
5. 07:00 – Microservice headaches: multiple agents, multiple risks
6. 09:10 – Why RASP rocks: visibility, accuracy, and targeted response
7. 10:45 – RASP vs. WAF: a better position in the stack
8. 11:30 – Conclusion: layering tools for smarter defense

---

📚 **This episode is part of a comprehensive series**, where we cover each category of App Sec products:
* SAST: Static Application Security Testing
* DAST: Dynamic Application Security Testing
* IAST: Interactive Application Security Testing
* SCA: Software Composition Analysis
* WAF: Web Application Firewall
* RASP: Runtime Application Self-Protection (Next-Gen WAF)
* Manual Pen-Testing of Applications
(SAST vs DAST vs IAST vs SCA vs WAF vs RASP vs Pen-Testing)

🎞️ **Watch the full playlist**:
[AppSec Product Comparison Series](https://www.youtube.com/playlist?list=PLr15vRqvmtdW-LxrY_fFGNV8ub4_d_Qoc)

---

🌐 **More Content & Resources**
- Website: https://danondev.com
- Twitter: @Dan_On_Dev
- Instagram: @dan_on_dev
- Facebook: @danondev

Loading comments...