|Applies To||RSA Product Set: Web Threat Detection|
RSA Product/Service Type: Forensics
RSA Version/Condition: 6.0
|Issue||A customer may ask how to implement RASP on a WTD Web-enabled server.|
Here is sample customer request --
We are required to implement RASP on all our web-enabled WTD servers. Although RASP is not compatible with nginx, the RASP team is saying there's a potential to use Java in lieu of any web server configurations. The RASP team needs to know where to set Java Options for the application(s). RASP settings usually would go in the same location where the JVM memory settings are set. We need to determine if this is a plausible solution for implementing RASP.
|Resolution||We don't really see a place for RASP with our WTD system. |
There is no JVM enabled for an HTTP serving application.
nginx is only a proxy and we are not using Java for nginx. There is likely not anything could be recommended for a RASP implementation as WTD is not a java application but python based scripted HTML content served through nginx...
and the UIServer, whose function is to hold bits of web content together and serve it to the siteproxy.....
in Java whole application is inside the jvm.. and we do not have any component that serves HTTP(s) to external sources that is within a JVM.
Cassandra is not a web application and is within a jvm.
In summary, there are not any accessible web servers in WTD.
|Notes||What is RASP?|
Runtime application self-protection (RASP) is security software that integrates with an application or its runtime environment during execution and constantly intercepts calls to the application to check their security, permitting those deemed safe and blocking those that could indicate an attack. RASP can protect against application attacks such as SQL injection because it can make sense of the commands involved and distinguish normal sequences from suspicious instructions or requests.