-
Notifications
You must be signed in to change notification settings - Fork 602
Home
Aaron Lewis edited this page May 8, 2018
·
57 revisions
Unlike perimeter control solutions like WAF, OpenRASP directly integrates its protection engine into the application server by instrumentation. It can monitor various events including database queries, file operations and network requests etc.
When an attack happens, WAF matches the malicious request with its signatures and blocks it. OpenRASP takes a different approach by hooking sensitive functions and examines/blocks the inputs fed into them. As a result, this examination is context-aware and in-place. It brings in the following benefits:
- Only successful attacks can trigger alarms, resulting in lower false positive and higher detection rate;
- Detailed stack trace is logged, which makes the forensic analysis easier;
- Insusceptible to malformed protocol.