Access your Pro+ Content below.
Is RASP the answer to secure software delivery?
Traditionally, ensuring secure software delivery has meant relying on static scanning and dynamic fuzzing. There’s now an alternative: the runtime application self-protection, or RASP, method. This ISM Insider Edition looks at all that's gone before RASP, including static application security testing (SAST), dynamic application security testing (DAST) and interactive application security testing (IAST), all widely used by security-conscious development teams. Our three security experts consider what RASP does and doesn't offer and where it could fit into your overall application security approach. Their bottom line? That even with all the advantages RASP offers, it cannot replace efforts to build in security at the development stage, nor is it likely the best solution for enterprises running hundreds of apps on their network.
Access this PRO+ Content for Free!
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Features in this issue
Runtime application self-protection could provide more secure software applications after delivery, but you need to recognize its limitations.
Columns in this issue
Editorial Director Robert Richardson says it's easy to question the RASP security model, as it joins the growing list of application security testing acronyms, but the self-monitoring approach may hold merit.
Expert Gary McGraw thinks the way to get software security right is to keep the testing close to the developer environment.