Mobile and Client RASP – Runtime Application Self Protection

Gartner defines Runtime application self-protection (RASP) as a security technology that is built or linked into an application or application runtime environment and is capable of controlling application execution and detecting and preventing real-time attacks.

For server-based applications running fully under an organizations control, it might be possible to modify an application’s runtime to add security protections. However, in client, mobile and some server applications, the runtime cannot be altered. In this case, RASP typically needs to be injected into the application itself.

Mobile Apps Need to Protect Themselves

Protecting mobile and client-side apps present a unique set of challenges. They typically reside on a device not owned by the organization that has created them meaning that they operate outside of its perimeter protection. These devices might be running with insecure, out-of-date or compromised operating systems. Applying RASP Technologies at the app level can help companies address some of these challenges.

PreEmptive’s Runtime Application Self-Protection is focused on mobile, client or server apps that are running outside of your organization’s direct control. Some of the active protections include:

  • Keeping an app from running on a compromised (or rooted) device where its underlying data and communications may be easily compromised. 
  • Preventing a production application from being inspected in a debugger, or under an emulator, or with a hooking framework. Hackers probe applications with debuggers to discover critical flaws and vulnerabilities that they can exploit.
  • Stopping a tampered version of an application from running or reducing its functionality. Tamper versions of applications can include malware and the end user is unaware.
  • Prevent an application from running when a hooking framework is present. Hackers use hooking frameworks to inspect runtime behavior and application data, and to modify application behavior at runtime in order to bypass security protections.

PreEmptive Protection for .NET, Java, Android and iOS Apps

PreEmptive’s Runtime Application Self-Protection and App Hardening provides control to manage material risks stemming from unauthorized application decompilation, modification, debugging and data probing that:

  • Does not require coding to secure and harden applications or the deployment of runtime agents to capture and respond to production attacks
  • Fits seamlessly into your preferred DevOps and Secure Application Lifecycle Management process
  • Combines passive and active measures to thwart would be attackers
  • Is used by 400 of the Fortune 500 companies

When implementing client or mobile RASP, applications are protected at the app level. Runtime Application Self-Protection and app hardening are layered, complementary technologies for mobile app shielding. App obfuscation/hardening protects the code at rest, while RASP adds integrity protection to a running mobile application. In addition, app hardening techniques like obfuscation and encryption make it more difficult to tamper or remove RASP technologies.