Web application attacks remain a major attack vector in cyber threats. Technology has matured to detect and prevent network and server level attacks, mainly through vulnerability management and firewall technologies, however, web application protection technologies have not matured as much. While there are a plethora of source-code scanning and black-box penetration testing products and services, they may fail to detect and stop an attack occurring in real time.
Web application firewalls (WAF) are a particular type of network devices that provide a lot of functionality to detect and prevent common web application attacks. However, WAF's have a number of limitations that have hampered their adoption and they are known to be not very effective against targeted, sophisticated attacks.
An alternative class of solution is emerging, classified by some as “runtime application self-protection” (RASP). With RASPs some of the security functions of the WAF are moved into the application or runtime itself. Consequently, the application or runtime itself becomes the security perimeter.
The RASP technologies work mainly by instrumenting code via the runtime's instrumentation API (Java, .NET). RASPs allow for the detection of certain types of attacks. RASPs require certain features and APIs in the actual runtime to allow for the required code insertion, which is typically binary.
The systems and methods disclosed herein protect web applications against web attacks to obviate or mitigate at least some of the aforementioned disadvantages.