Various techniques are known in the art for testing and protecting software applications against security vulnerabilities. A “vulnerability” in this context is a flaw or weakness in the application program that can be exploited by an unauthorized party (also referred to as an attacker) to gain access to secure information or otherwise modify the behavior of the program. For example, static application security testing (SAST) techniques are typically applied in order to detect security vulnerabilities in source code before the code is compiled and run. Dynamic application security testing (DAST), on the other hand, approaches the application as a “black box,” and attempts to find vulnerabilities by bombarding the application during runtime with potentially harmful inputs.
As another example, runtime application self-protection (RASP) techniques can be used to protect software applications against security vulnerabilities by adding protection features into the application. In typical RASP implementations, these protection features are instrumented into the application runtime environment, for example by making appropriate changes and additions to the application code and/or operating platform. The instrumentation is designed to detect suspicious behavior during execution of the application and to initiate protective action when such behavior is detected. RASP techniques are described, for example, in PCT International Publication WO 2016/108162, which is assigned to the assignee of the present patent application and whose disclosure is incorporated herein by reference.