
Imperva Runtime Application Self-Protection (RASP)
Runtime application self-protection (RASP) software
Application security software
Small
Medium
Large
- Banking and insurance
- Real estate and property management
- Construction
What is Imperva Runtime Application Self-Protection (RASP)
Imperva Runtime Application Self-Protection (RASP) is an application security tool that instruments applications to detect and block attacks from inside the running app at runtime. It is used by security and application teams to protect web applications and APIs against exploits such as injection, deserialization, and other runtime abuse patterns. The product typically operates via in-app agents and policy controls, aiming to reduce reliance on perimeter-only controls by adding application-context detection and response.
In-app runtime attack blocking
RASP operates within the application process, which allows it to observe execution context (e.g., code paths, inputs, and sensitive sinks) and block certain attacks in real time. This can help when network-layer controls cannot reliably distinguish malicious from legitimate traffic. It is particularly relevant for protecting applications where code changes are difficult or where vulnerabilities may exist between release cycles.
Application-context security telemetry
Because the control point is inside the application, the product can generate security events tied to application behavior rather than only HTTP request patterns. This can improve triage by providing details such as affected endpoints, stack traces, or vulnerable components (depending on configuration and language support). The approach complements other application security tooling by adding runtime evidence of exploit attempts.
Compensating control for known flaws
RASP can serve as a compensating control when patching is delayed, such as during change freezes or when third-party components require coordinated upgrades. Runtime policies can be used to reduce exploitability of certain classes of vulnerabilities while remediation work proceeds. This can be useful in environments where rapid deployment of code fixes is not always feasible.
Language and framework constraints
RASP products typically support a defined set of languages, runtimes, and frameworks, and coverage can vary by version and deployment model. Applications outside supported stacks may not be protectable with the same approach. Teams often need to validate compatibility across services, libraries, and runtime upgrades.
Performance and stability overhead
In-process instrumentation can add latency and resource overhead, especially under high throughput or when deep inspection is enabled. It can also introduce operational risk if agent behavior conflicts with application code, libraries, or APM instrumentation. Careful staging, performance testing, and rollback planning are usually required.
Tuning and operational effort
Effective blocking often requires policy tuning to reduce false positives and avoid disrupting legitimate traffic. Alert volume and rule management can become significant in large microservice environments. Ongoing maintenance is typically needed as applications change, new endpoints are introduced, and attack patterns evolve.
Seller details
Thales Group
Meudon, France
1893
Public
https://www.thalesgroup.com/
https://x.com/thalesgroup
https://www.linkedin.com/company/thales/