RASP techniques are used to protect software applications against security vulnerabilities by adding protection features into the application. In typical RASP implementations, these protection features are instrumented into the application runtime environment, for example by making appropriate changes and additions to the application code and/or operating platform. The instrumentation is designed to detect suspicious behavior during execution of the application and to initiate protective action when such behavior is detected.
RASP is thus different from, and may be complementary to, static application security testing (SAST) and dynamic application security testing (DAST). SAST techniques are typically applied in order to detect security vulnerabilities before the code is compiled and run. DAST approaches the application as a “black box,” and attempts to find vulnerabilities by bombarding the application during runtime with potentially harmful inputs.
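As an added illustration of the instrumentation described above (not code from the original page), the example below uses Python's audit-hook mechanism to place a check inside the running interpreter: it detects a file open that resolves outside an allowed directory and blocks it. The choice of Python, the names `protect`, `read_report` and `demo`, and the directory layout are assumptions made for the example.

```python
import contextlib, os, sys, tempfile, threading

_state = threading.local()  # per-thread policy: the allowed root directory
BLOCKED = []                # record of protective actions taken

def _rasp_hook(event, args):
    """Audit hook: the interpreter calls it on every audited event."""
    root = getattr(_state, "root", None)
    if root is None or event != "open":
        return
    target = args[0]
    if not isinstance(target, (str, bytes, os.PathLike)):
        return  # opened by file descriptor, no path to check
    real = os.path.realpath(os.fsdecode(target))
    if os.path.commonpath([real, root]) != root:
        BLOCKED.append(real)
        raise PermissionError(f"RASP: open outside {root} blocked")
sys.addaudithook(_rasp_hook)  # instrumentation step; hooks cannot be removed

@contextlib.contextmanager
def protect(root):
    """Hypothetical helper: enforce the policy while a request is handled."""
    _state.root = os.path.realpath(root)
    try:
        yield
    finally:
        _state.root = None

def read_report(base, name):
    """Hypothetical application code with no path validation of its own."""
    with open(os.path.join(base, name), encoding="utf-8") as fh:
        return fh.read()

def demo():
    """Constructed scenario: one benign request, one traversal attempt."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "reports")
        os.mkdir(base)
        for path, text in ((os.path.join(base, "q1.txt"), "ok"),
                           (os.path.join(tmp, "secret.txt"), "secret")):
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        with protect(base):
            benign = read_report(base, "q1.txt")
            try:
                read_report(base, "../secret.txt")
            except PermissionError:
                return benign, True
        return benign, False
```

Module imports raise the same `open` event, so a production hook must also allow the interpreter's own reads while the policy is active.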