Runtime Application Self-Protection with Sqreen.io


Security has to keep changing. Attackers from all over the world are probing poorly defended applications around the clock, for financial gain or other malicious reasons. Defenders are almost always at a disadvantage unless they proactively build secure-by-design solutions, and even that is not enough on its own.

But fear not: there are always new tools to help. A newer security approach called Runtime Application Self-Protection (RASP) can add another layer of defense and cut security risk.

About Application Security and RASP

To better understand what RASP is, let’s describe the development process for developers and architects. When business requirements are created, the development team first designs a solution and then carries it out using the best available tools or frameworks based on the current circumstances.

In most cases, the security aspect of the solution is either baked in the framework or utilities they use, or they have strict requirements and policies. The real verification that security controls are in place happens throughout the development process via code reviews, tests, audits and external assessments.

The interesting part is that the weakest link is usually the reason an application is breached, and new attack patterns emerge every day. Keeping up with the latest threats is a real challenge, so the best we can do is add extra layers of security with the goal of making a threat agent's job harder.

RASP fundamentally applies a side-by-side security model to applications. The idea is to run an agent alongside the application (in the example below, a library imported into the app itself) that inspects risky operations and blocks them before the underlying platform accepts and executes them.

This is more intrusive than a network firewall, because the RASP agent needs full visibility of request content before it can make decisions. As with all such tools there is a tradeoff, and in this case it is accepting that false positives and false negatives will occur from time to time.

The Sqreen Platform

The Sqreen.io platform promises a complete RASP solution for developers to easily integrate security into their web apps with extensible plugins. Let’s review an example Python application to see how we can increase its security posture.

1. Navigate to Sqreen.io and start your free trial.

2. After registration, follow the onboarding guide for a new application. Choose Python and proceed with the following steps:

1. Install Sqreen

pip install sqreen

2. Save the activation token

$ echo -e '[sqreen]
token: ' >> sqreen.ini

3. Hook sqreen into your app

import sqreen
from flask import Flask

# Start the agent before the Flask app is created so it can hook the framework.
sqreen.start()

app = Flask(__name__)

@app.route('/')
def hello_world():
    return 'Hello, World!'

The above is a small Flask app with a simple route. Now, to test your RASP protection capabilities, just run the app to register with the platform.

$ export FLASK_APP=main.py

$ flask run
 * Serving Flask app "main.py"
 * Environment: production
   WARNING: Do not use the development server in a production environment.
   Use a production WSGI server instead.
 * Debug mode: off
 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)

Then, navigate to the following URL, whose query string carries a classic reflected-XSS probe (a script tag that tries to alert the page's cookie):

http://127.0.0.1:5000/?<script>alert("Cookie"+document.cookie)</script>

The app still displays the Hello, World! text. This is because a newly registered application is configured to monitor only by default: the agent records the suspicious request but does not block it. If you navigate to the Incidents tab, you will see a report like the following:

As you can see, the RASP platform correctly identified the request (Unharmful), listed the event details, and offered a set of actionable options. The Sqreen platform has many more options for app hardening and security monitoring, which you can read about in their documentation.
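To make the agent model and the monitor-versus-block decision concrete, here is an added example of a toy RASP-style WSGI middleware. It is not Sqreen's code and does not show how the Sqreen agent works internally; it is a stand-in that sits in front of any WSGI app (the article's Flask app included), inspects each request's decoded query parameters with a small constructed rule set, records an incident, and then either passes the request through (monitor mode, the default posture described above) or answers 403 (block mode). The names `RaspMiddleware`, `Incident`, `hello_app` and `call` are all assumptions for this example, and the probe query is the article's own test payload.

```python
"""Toy RASP-style WSGI middleware (added example, not Sqreen's code)."""
import logging
import re
import urllib.parse
from dataclasses import dataclass, field
from typing import Callable, List, Optional

log = logging.getLogger("rasp-demo")

# Constructed rule set: a <script> tag, an inline event handler, or a
# javascript: URL inside a decoded query parameter. A real agent ships a far
# larger, tuned rule set; this is just enough to show the control flow.
XSS_RULES = [
    ("script-tag", re.compile(r"<\s*script\b", re.IGNORECASE)),
    ("event-handler", re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)),
    ("javascript-url", re.compile(r"javascript\s*:", re.IGNORECASE)),
]


@dataclass
class Incident:
    rule: str
    path: str
    param: str
    value: str
    blocked: bool


@dataclass
class RaspMiddleware:
    app: Callable            # the protected WSGI application
    block: bool = False      # False = monitor only, True = reject matches
    incidents: List[Incident] = field(default_factory=list)

    def inspect(self, path: str, query_string: str) -> Optional[Incident]:
        # parse_qsl percent-decodes exactly once, the same way the framework
        # will, so the agent and the app see the same text (no double decoding).
        for name, value in urllib.parse.parse_qsl(query_string, keep_blank_values=True):
            for rule, pattern in XSS_RULES:
                for text in (name, value):
                    if pattern.search(text):
                        return Incident(rule, path, name, text, self.block)
        return None

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "/")
        incident = self.inspect(path, environ.get("QUERY_STRING", ""))
        if incident is None:
            return self.app(environ, start_response)
        self.incidents.append(incident)   # the "Incidents tab" of this toy agent
        log.warning("rasp incident rule=%s path=%s param=%r blocked=%s",
                    incident.rule, incident.path, incident.param, incident.blocked)
        if not self.block:
            return self.app(environ, start_response)   # monitor mode: pass through
        body = b"Forbidden\n"
        start_response("403 Forbidden", [("Content-Type", "text/plain"),
                                         ("Content-Length", str(len(body)))])
        return [body]


def hello_app(environ, start_response):
    """Stand-in for the article's Flask route: always answers Hello, World!."""
    body = b"Hello, World!"
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Content-Length", str(len(body)))])
    return [body]


def call(app, query_string: str = "", path: str = "/"):
    """Invoke a WSGI app with a constructed environ; returns (status, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path,
               "QUERY_STRING": query_string, "SERVER_NAME": "127.0.0.1",
               "SERVER_PORT": "5000", "wsgi.url_scheme": "http"}
    body = b"".join(app(environ, start_response))
    return captured["status"], body.decode()


# The article's probe, percent-encoded the way a browser sends it.
PROBE_QUERY = urllib.parse.quote('<script>alert("Cookie"+document.cookie)</script>')

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    monitor = RaspMiddleware(hello_app)               # default posture: monitor only
    print("monitor:", call(monitor, PROBE_QUERY))     # ('200 OK', 'Hello, World!')
    blocker = RaspMiddleware(hello_app, block=True)
    print("block:  ", call(blocker, PROBE_QUERY))     # ('403 Forbidden', 'Forbidden\n')
    print("benign: ", call(blocker, "name=world"))    # ('200 OK', 'Hello, World!')
    print("incidents:", len(monitor.incidents), len(blocker.incidents))  # 1 1
```

The decoding choice is the part worth noticing: the agent must see the same decoded bytes the framework hands to the route, or it either misses encoded probes or flags input the app never interprets that way. Flipping `block` from False to True is the whole difference between the monitoring posture the article observes and enforcement, and the false-positive tradeoff discussed earlier is exactly what you pay for once enforcement is on.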

Conclusion

RASP attempts to prevent malicious activity by monitoring applications and detecting unsafe inputs and behavior. It can cover many cases where security controls are missing or where updating an existing system is difficult. Overall, it makes perfect sense: RASP adds an extra layer of security, multiple layers increase your defenses, and RASP is a quality component that deserves serious consideration.
