Testing methods
RASP
Runtime Application Self-Protection
Runtime Application Self-Protection (RASP) instruments an application so it can detect and block attacks against itself in production, using runtime context to distinguish malicious input from legitimate traffic. RASP is a protective control, not a testing tool - it mitigates exploitation but does not discover or prove the underlying vulnerabilities.
Key points
- Defensive: blocks attacks at runtime using in-app context.
- Reduces exploitation risk but does not find root-cause vulnerabilities.
- Best combined with testing that discovers and proves the flaws.
Related
Impactr is an autonomous AI penetration testing platform - it investigates, chains, and proves web and API vulnerabilities with reproducible evidence.
Join the waitlist