IDORSSRFAUTH BYPASSJWT FORGERYRACE CONDITIONXXEBROKEN OBJECT-LEVEL AUTHPRIVILEGE ESCALATIONMASS ASSIGNMENTGRAPHQL INTROSPECTION ABUSEIDORSSRFAUTH BYPASSJWT FORGERYRACE CONDITIONXXEBROKEN OBJECT-LEVEL AUTHPRIVILEGE ESCALATIONMASS ASSIGNMENTGRAPHQL INTROSPECTION ABUSE
Impactr Logoimpactr
FeaturesHow it worksEvidencePricingLearnCompare
  1. Home
  2. Glossary
  3. RASP

Testing methods

RASP

Runtime Application Self-Protection

Runtime Application Self-Protection (RASP) instruments an application so it can detect and block attacks against itself in production, using runtime context to distinguish malicious input from legitimate traffic. RASP is a protective control, not a testing tool - it mitigates exploitation but does not discover or prove the underlying vulnerabilities.

Key points

  • Defensive: blocks attacks at runtime using in-app context.
  • Reduces exploitation risk but does not find root-cause vulnerabilities.
  • Best combined with testing that discovers and proves the flaws.

Related

IASTDASTWAF

Impactr is an autonomous AI penetration testing platform - it investigates, chains, and proves web and API vulnerabilities with reproducible evidence.

Join the waitlist
← All terms
Impactr Logoimpactr

Built by hackers, for the code you ship. Autonomous AI penetration testing for modern web apps and APIs.

© 2026 Impactr

Product

FeaturesCoverageUse casesEvidencePricingWaitlist

Resources

VulnerabilitiesGuidesComparisonsGlossaryCWE databaseBy industryBy languageHTTP status codesSecurity headers

Company

ContactTwitterLinkedInGitHub