Welcome back. We're in Lesson 7.2, to talk about RASP and software composition analysis, specifically in the monitoring phase.
We'll look at their functionality and differentiate between a RASP and an IAST. The RASP is just an extension of the IAST tool, but they built it with the ability to block.
I'll also identify some of its limitations, and then describe software composition analysis in monitoring.
So RASP is runtime application self-protection. It helps prevent exploitation within the application server. On the right you can see a screenshot of an example, and in the next lesson I'll actually do a demo of the tool.
It should work in tandem with web application firewalls, and it doesn't resolve application vulnerabilities. It just tries to protect them as best it can and keep any of these attacks from reaching the app.
Really, you want to use this as a stop-gap measure between the time you discover a vulnerability and when you can fix it.
It may not protect all parts of the application; it's going to do the best it can there. Since it's all based on signatures, taking this telemetry data and basing it off patterns, the attacker may perform some novel attack that the RASP may not be able to identify.
There's obviously going to be some performance reduction, because it's intercepting calls and performing some validation on them.
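To make the "intercept the call, validate it, block or let it through" idea concrete, here is an added Python example that is not part of the lesson and not Contrast's agent or any vendor code. It wraps a hypothetical application function (`read_report`) in a hypothetical hook (`rasp_guard`) that validates the path argument against the directory the app is supposed to serve from, records a telemetry event, and raises instead of calling the sink when the check fails. The check is a simple path-containment rule standing in for a vendor's signature set; the application's own defect (joining user input into a path with no check) is deliberately left in place, because that is exactly the situation the lesson describes: the hook is a stop-gap, not a fix.

```python
import os
import tempfile
from functools import wraps

# Constructed example: a tiny RASP-style hook. Names are hypothetical.
TELEMETRY = []  # events the hook records (a real agent would ship these to its console)


def rasp_guard(base_dir):
    """Wrap a function whose first argument is a file path: allow only paths
    that resolve inside base_dir, block and log everything else."""
    base = os.path.realpath(base_dir)

    def decorator(sink):
        @wraps(sink)
        def wrapped(path, *args, **kwargs):
            # Canonicalise before comparing so '..' segments and symlinks are resolved.
            resolved = os.path.realpath(os.path.join(base, path))
            inside = resolved == base or resolved.startswith(base + os.sep)
            TELEMETRY.append({"sink": sink.__name__, "arg": path, "blocked": not inside})
            if not inside:
                raise PermissionError(f"RASP blocked {sink.__name__}({path!r})")
            return sink(path, *args, **kwargs)
        return wrapped
    return decorator


def build_app(base_dir):
    """Return the app's read function twice: unprotected and wrapped by the hook."""
    def read_report(name):
        # The vulnerability stays: user input is joined into a path with no check.
        with open(os.path.join(base_dir, name), "r", encoding="utf-8") as fh:
            return fh.read()
    return read_report, rasp_guard(base_dir)(read_report)


def demo():
    """Create a throwaway directory with one report plus a file outside it,
    exercise both versions, and return what happened."""
    root = tempfile.mkdtemp()
    reports = os.path.join(root, "reports")
    os.mkdir(reports)
    with open(os.path.join(reports, "q1.txt"), "w", encoding="utf-8") as fh:
        fh.write("q1 ok")
    with open(os.path.join(root, "secret.txt"), "w", encoding="utf-8") as fh:
        fh.write("outside")

    unprotected, protected = build_app(reports)
    TELEMETRY.clear()
    # A legitimate request passes through the hook unchanged.
    normal = protected("q1.txt")
    # The unprotected app serves a file outside the reports directory;
    # the hooked version refuses the same call and records the event.
    leaked = unprotected("../secret.txt")
    try:
        protected("../secret.txt")
        blocked = False
    except PermissionError:
        blocked = True
    return {"normal": normal, "leaked": leaked, "blocked": blocked, "events": list(TELEMETRY)}


if __name__ == "__main__":
    result = demo()
    print("legitimate read:", result["normal"])
    print("unprotected app returned:", result["leaked"])
    print("hooked app blocked the same call:", result["blocked"])
    for event in result["events"]:
        print(event)
```

The telemetry list is where the performance cost the lesson mentions comes from: every guarded call pays for the canonicalisation and the comparison, whether or not it is blocked. The containment rule also shows the limitation: a request shaped in a way the rule does not anticipate would not be recorded as blocked, which is why the hook is paired with fixing the underlying bug.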
The tool, again, I'm going to use what we used for IAST before, but it's the Community Edition of Contrast; the commercial version they call Protect.
So, questions: should you rely on a RASP as a primary defense?
No, you should think of it as part of a suite of solutions, as in defense in depth.
Um, you'd want your web application firewall blocking attacks, because it's going to have a lot of signatures that it knows how to handle, and they may get updated a little more frequently, or at a different scale, or a different
timeline than the RASP does.
You also want to be doing vulnerability scanning, identifying these vulnerabilities. You don't want just a RASP tool out there
blocking and think it's going to be able to capture everything, so "I don't have to do any vulnerability scanning, I'll just get to it whenever I get a chance."
And then, obviously, you'd want this robust DevSecOps pipeline where you're identifying vulnerabilities, and maybe identifying third-party libraries that have vulnerabilities in them as well.
So we've looked at SCA before, but the RASP has the ability, in the same way the IAST tool does, to constantly evaluate your third-party libraries that are in there. And because there's this constant stream pulling new vulnerabilities down from the NVD database,
that may help automate your dependency discovery.
You could have policy-based triggers. Again, this is the same tool we've been using, the Community Edition of Contrast. They have their commercial version, which they call Contrast OSS.
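The SCA loop just described (match the dependencies you ship against a vulnerability feed, then let a policy decide whether to stop the pipeline) is short enough to write out. The following is an added Python example, not the lesson's or Contrast's code: a minimal `requirements.txt` parser, a constructed advisory feed with placeholder ids (not real NVD entries), version-range matching that compares versions numerically, and a policy trigger with a severity threshold. The package names and advisories are made up for the example.

```python
from dataclasses import dataclass

# Constructed example of an SCA check with a policy-based trigger.
# Package names and advisory ids below are placeholders, not real entries.


def parse_version(v):
    """'1.2.10' -> (1, 2, 10) so '1.10.0' sorts after '1.9.0' (string compare gets this wrong)."""
    return tuple(int(part) for part in v.split("."))


def parse_requirements(text):
    """Parse a minimal requirements.txt: 'name==version' lines, '#' comments, blank lines."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, version = line.split("==")
        deps[name.strip().lower()] = version.strip()
    return deps


@dataclass
class Advisory:
    vuln_id: str
    package: str
    introduced: str  # first affected version (inclusive)
    fixed: str       # first fixed version (exclusive upper bound)
    severity: str

    def affects(self, version):
        v = parse_version(version)
        return parse_version(self.introduced) <= v < parse_version(self.fixed)


SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def scan(deps, feed):
    """Return (advisory, installed_version) for every dependency an advisory affects."""
    findings = []
    for adv in feed:
        version = deps.get(adv.package)
        if version is not None and adv.affects(version):
            findings.append((adv, version))
    return findings


def apply_policy(findings, block_at="HIGH"):
    """Policy-based trigger: block if any finding is at or above the threshold severity."""
    threshold = SEVERITY_RANK[block_at]
    worst = max((SEVERITY_RANK[adv.severity] for adv, _ in findings), default=0)
    return {"block": worst >= threshold, "findings": len(findings)}


# Constructed manifest: one vulnerable pin, one pin exactly at the fix version, one clean pin.
SAMPLE_REQUIREMENTS = """
# web app dependencies (placeholder package names)
acme-http==2.19.0
acme-yaml==5.4.0
acme-templates==3.1.2
"""

# Constructed feed standing in for what a scheduled NVD pull would return.
SAMPLE_FEED = [
    Advisory("EXAMPLE-0001", "acme-http", "2.0.0", "2.20.0", "MEDIUM"),
    Advisory("EXAMPLE-0002", "acme-yaml", "0.0.0", "5.4.0", "CRITICAL"),   # 5.4.0 is the fix
    Advisory("EXAMPLE-0003", "acme-templates", "2.0.0", "2.11.3", "HIGH"),
]


def run_sample(requirements=SAMPLE_REQUIREMENTS, feed=SAMPLE_FEED, block_at="HIGH"):
    """Run the whole loop on the constructed inputs and return the policy decision."""
    return apply_policy(scan(parse_requirements(requirements), feed), block_at=block_at)


if __name__ == "__main__":
    print("block at HIGH:  ", run_sample())
    print("block at MEDIUM:", run_sample(block_at="MEDIUM"))
```

Two details matter in practice and are exercised here: the fixed version is an exclusive bound, so a pin sitting exactly on the fix version is not reported, and versions are compared as integer tuples, so `2.19.0` is correctly seen as older than `2.20.0`. The threshold argument is the policy trigger; the same findings block the pipeline at `MEDIUM` and pass it at `HIGH`.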
And there are quite a few other commercial RASP tools out there. You can take a look at these, evaluate them, and see which one is the right one for your organization, which one supports the software that your applications are built on.
Again, I used the Contrast tool because it's one of the only open-source ones I could find, and it
had these robust capabilities in there to do the IAST and the commercial pieces, but also so I could give you a live demo versus just screenshots.
We talked about RASP and SCA concepts, specifically in operations and monitoring, and next I'll demo the tool.