Runtime Application Self-Protection (RASP) is a security technology that is designed to protect applications from attacks while the application is running. It works by embedding a security mechanism directly into the application, which allows it to monitor the application's behavior and detect and prevent malicious activities in real-time.
Unlike traditional security measures, which focus on securing the infrastructure and perimeter, RASP provides an additional layer of protection by focusing on protecting the application itself. This makes it particularly effective against attacks that exploit vulnerabilities in the application code or runtime environment.
Mobile RASP is typically implemented using a Software Development Kit (SDK) that is integrated into the mobile application. The SDK can monitor the application's behavior and detect potential security threats in real-time, with minimal changes to the application's code.
Here are the general steps involved in implementing mobile RASP:
There are several use cases for RASP, including the following:
Overall, RASP provides a flexible and powerful security solution that can help organizations protect their applications from a wide range of threats and comply with regulatory requirements while minimizing the impact on application performance.
There are many different RASP solutions available on the market today, and each one is designed to detect and react to different types of threats in different ways. When evaluating potential RASP solutions, it's important to consider factors such as the types of threats that the solution is designed to protect against, the accuracy and effectiveness of the detection and reaction mechanisms, and the impact on application performance.
Approov Runtime Application Self-Protection provides the key features of the above: blocking botnets, malicious scripts, and tampered and fake apps, and helping to protect against Man-in-the-Middle attacks. Approov's dynamic pinning removes the risk associated with traditional static pinning in the app, and allows app developers to better secure communication between their cloud servers and legitimate instances of their app.
Integration: Approov Runtime Application Self-Protection (RASP) requires some code changes to be implemented in the app's communication code. These changes involve integrating the Approov SDK into the app and configuring it to use the necessary APIs to protect the communication channel. Approov provides quickstart guides to make the integration process as easy as possible. These guides provide step-by-step instructions on how to add the Approov SDK to your app and configure it to work with your backend services.
Monitoring: Once the Approov SDK is integrated into your mobile application, it can monitor the application's behavior at runtime, including network traffic, user interactions, and system events. This allows the SDK to detect and respond to security threats in real-time, providing effective protection against a wide range of attacks. In addition to real-time monitoring and detection, the Approov platform also provides detailed metrics and analytics on the activity Approov detects across your deployed app install base. These metrics can include information on the types of threats that have been detected, as well as whether each attestation was a pass or a failure.
Detection: Approov collects monitoring and detection results from the mobile app and sends them to the Approov cloud service for analysis. The cloud service uses a configurable security policy to make a decision about whether to allow or block traffic from the app. The security policy can be customized to include rules that are specific to your app and your organization's security requirements. For example, you can configure rules to block traffic from rooted devices, or to permit traffic from these devices but block traffic that is performing more malicious activities. By configuring these rules, you can ensure that your app's communication channels are protected against a wide range of threats, including malware, phishing, and other types of attacks.
Response: The Approov response always comes from the Approov cloud service and includes a signed cryptographic token. Results are normally hidden from the app and only exposed to the app's cloud service, which can then decide how to respond to failed attestations. In addition, the Approov cloud service can be configured to provide access to extra state on a successful attestation, such as API keys or other app secrets. Secrets provided in this way are never stored at rest on the device, and thus this approach completely removes them from the app installation package.
Updates: The Approov SDK is updated regularly; however, in some cases, over-the-air (OTA) updates may be sufficient to dynamically adjust to new threats and ensure that existing deployed apps are protected. OTA security updates are managed by the Approov threats reaction team, which updates the analysis and detections performed on mobile devices without requiring users to manually download and install new versions of the app. By using OTA updates, you can ensure that your mobile apps are always protected with the signatures and analysis for the latest threat vectors, without requiring users to take any additional action.