Securosis Identifies Benefits of Runtime Application Self-Protection (RASP) in New Report

Research shows firms embracing DevOps are looking for automated security options with the ability to test and identify code vulnerability in pre- and post- production

MONTREAL--()--IMMUNIO, the industry leader in runtime application self protection (RASP), today announced the launch of a research report authored by information security and research firm Securosis entitled, "Understanding and Selecting Runtime Application Security and Protection." The independent report explores how DevOps teams are addressing today's current application security issues and where RASP can provide immediate and measureable benefits within the agile development process.

According to Securosis, "For [DevOps] teams, security products must do more than address application security issues; they need to mesh with continuous integration (CI) and continuous deployment (CD) approaches, while offering automated capabilities and better integration with developer tools." The research paper summarizes how RASP has emerged as a tool that can examine requests at the application layer to detect attacks and misuse in real time, fitting into the agile development process and behaving as its own code — running anywhere the application does.

"We've been examining DevOps for several years now and figuring out how to embed security into the development process is a huge goal for most organizations today. RASP is a technology many are exploring for this very reason, and most teams we talked to for this report were either considering RASP or already engaged in a proof-of-concept project," said Adrian Lane, senior security strategist, Securosis. “RASP solutions are much more effective at attack detection than web application firewalls (WAFs) because — being embedded within the application at runtime — they actually see what’s really happening, and can more effectively apply security controls. Couple that with the ability to scale right along with the application, and it's not hard to see why developers and operations teams are embracing this technology."

The research paper defines RASP and covers the following topics related to the technology:

  • Use Cases: details the primary function of RASP while providing an overview of how it works as it relates to today's market drivers
  • Overview of the Technology: highlights the technical facets of RASP, including deployment models, application integration, detection and blocking capabilities, language support, performance, maintenance and training
  • Integration: outlines how RASP fits both into the technology stack and development process to deliver applications

"Based on Securosis' findings, it's obvious DevOps teams are facing new challenges when implementing fast, agile development processes and WAFs, manual pen testing and static analysis of source code require a lot of manual effort and niche expertise to be effective at detecting vulnerabilities and attacks," said Zaid Al Hamami, CEO and co-founder, IMMUNIO. "RASP is a completely different approach to application security and one the industry is still getting familiar with. The more teams realize how it can benefit them and begin piloting RASP software, the closer we'll get to environments that truly protect applications in real time. Application security technology has evolved, and now you can have both effective security and agile development."

The research report also features a detailed buyers guide for individuals and teams looking to understand how to best evaluate RASP solutions, and avoid the pitfalls that can come with new technologies. The paper is now available for free download at

IMMUNIO is a pioneer in runtime application self-protection (RASP), providing automatic detection and protection against application security vulnerabilities. The company’s mission is to make truly effective real-time web protection technology easily available and widely deployed, and by doing so, stop the biggest source of breached data records. For more information, visit or follow @immunio.


Version 2.0 Communications for IMMUNIO
Katie Kennedy, 617-426-2222

Release Summary

IMMUNIO announced the launch of report authored by Securosis exploring how DevOps teams are addressing today's current application security issues and where RASP fits in.


Version 2.0 Communications for IMMUNIO
Katie Kennedy, 617-426-2222