Software application security firm Checkmarx launched its Runtime Application Self-Protection (RASP) solution, CxRASP, which uses unique two-point instrumentation technology to continuously observe an app’s bidirectional data flow.
Designed to enable the detection and defense against real-time attacks, CxRASP is the latest addition to the company’s Application Security Hub, which provides a range of solutions to ensure application security throughout the software development lifecycle as well as while in production.
“Any organization that sells software, be it Microsoft, SAP, Adobe or Salesforce.com, or uses software as part of its ongoing business operation and would like to protect its data—this could include most medium to large organizations,” Asaph Schulman, vice president of marketing at Checkmarx, told eWEEK.
Checkmarx’s technology listens at each interaction junction of the app, covering access points between the application and the user, the database, the network and the file system, respectively. As of now, CxRASP covers SQL injection, cross-site scripting (XSS) and file manipulation, and the list is expanding, Schulman said.
With visibility into the app’s input and output, the CxRASP solution tailors the protection mechanism to the specific flow within the application to achieve improved detection accuracy in real time.
The product flags suspicious activity when it enters the app, and then verifies if it is actually malicious at the output to minimize false positives and false negatives.
When an attack is identified, the organization is alerted and instructions are sent on how to fix the vulnerability.
The product is also integrated with the company’s Static Application Security Testing (SAST) CxSuite Solution and may be integrated with other SAST vendors, ensuring application protection both during and after the development process.
When it comes to application security technology, static code analysis is gaining a lot of momentum, and the company sees a huge trend of organizations looking to align quality-assurance testing alongside application security testing as an integral part of their software development lifecycle environment, Schulman said.