Many attacks target the application. Network security remains an important layer of defense, but signature-based defenses rely on filters that look for known exploits. A well-known way around these filters is to inject SQL code disguised with comments, capital letters, or encoding, among other techniques. Network defenses that monitor the OSI layers will see only parts of the malicious query. Only within the application is the entire query constructed into its fully executable form. Because Application Defender has the complete context from within the application, it can see the full and final query to determine if it is malicious.
A SQL query can be injected into a text data field that lacks input validation. The complete query is constructed within the application.
App Defender sees the full query to accurately distinguish attacks from legitimate requests, as well as the line of code with the vulnerability.
App Defender takes the prescribed action to stop the attack. In this case, the API call in the application is terminated, and an error is displayed on the requestor’s screen.
Event details provide the complete execution path, including the line of code, the full contextual query used within the application, and rich attribute details.
Know you are protected. Application Defender stops this critical attack and defends the vulnerable application.
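The contrast described above, between a signature applied to the raw request and a check made where the query is finally assembled, can be shown in a short added example. This is not Application Defender's code or rule logic; the signature, the tokenizer, the `users` table and the sample parameter are all constructed for illustration, and the structural comparison is one generic way to inspect a query at the sink.

```python
import re
from urllib.parse import unquote_plus

# Constructed signature of the kind a network filter applies to raw request bytes.
SIGNATURE = re.compile(r"\bor\s+1\s*=\s*1", re.I)

# Minimal SQL tokenizer, sufficient for this demonstration only.
TOKEN = re.compile(r"""
    '(?:[^']|'')*'     # string literal ('' is an escaped quote)
  | --[^\n]*           # line comment
  | /\*.*?\*/          # block comment
  | \d+                # number
  | [A-Za-z_]\w*       # keyword or identifier
  | \S                 # any other symbol
""", re.X | re.S)

def shape(sql):
    """Token structure of a query: literals become placeholders,
    comments are dropped, keywords and identifiers are case-folded."""
    out = []
    for tok in TOKEN.findall(sql):
        if tok.startswith(("--", "/*")):
            continue
        if tok[0] == "'":
            out.append("STR")
        elif tok[0].isdigit():
            out.append("NUM")
        else:
            out.append(tok.upper())
    return out

def build_query(name):
    # Vulnerable on purpose: the unvalidated text field is concatenated in.
    return "SELECT id FROM users WHERE name = '" + name + "'"

def network_check(raw_param):
    """What the filter sees: the still-encoded parameter, not the query."""
    return bool(SIGNATURE.search(raw_param))

def sink_check(name):
    """What the application sees: did the input change the final query's shape?"""
    return shape(build_query(name)) != shape(build_query("x"))

# Constructed request parameter as it travels on the wire.
RAW = "x%27%20OR/**/1%3D1--"

if __name__ == "__main__":
    print("network filter flags it:", network_check(RAW))
    print("final query:", build_query(unquote_plus(RAW)))
    print("sink check flags it:", sink_check(unquote_plus(RAW)))
    print("benign input flagged:", sink_check("alice"))
```

The durable fix for the vulnerable `build_query` is a parameterized query; the sink check only shows why inspection at the point of execution sees what the filter cannot.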
Application Defender is configured with rule packs that analyze actions by users, data anomalies and logic flow to defend vulnerabilities only visible from within the application. Some of the most critical use cases involve cross-site scripting and injection issues. The SANS Institute compared how Runtime Application Self-Protection (RASP) detects these threats versus Web Application Firewalls (WAF). Read the SANS report or watch the SANS webinar replay to learn more.
Analysts expect application self-protection to grow substantially because it solves an important problem. Application Defender does not require recompiling code, nor does it change the application code, and it does not add overhead on the network.