Checkmarx Releases New CxRASP Platform Offering Runtime Application Self Protection

Checkmarx has announced the launch of its Runtime Application Self-Protection (RASP) solution, CxRASP, which utilizes two-point instrumentation technology to continuously observe an app’s bidirectional data flow, enabling the detection and defense against real-time attacks.

CxRASP is the latest addition to the Checkmarx Application Security Hub which provides solutions for application security throughout the software development lifecycle as well as while in production.

As the company, “Existing Web Application Firewalls (WAFs) act as external devices monitoring the input without a clear understanding of the logic behind the app’s data flows and behavior. Implementing a solution that fails to properly distinguish between legitimate input and attacks on apps such as SQL Injection and Cross-Site Scripting can lead to false-positive diagnoses that hinders the overall effectiveness of the solution and could harm the organization’s business activity. As a result, analysts estimate that 90% of all WAFs operate in alert mode and are not actually used for blocking attacks.”

The Checkmarx technology “listens” at each interaction junction of the app, covering access points between the application and the user, the database, the network, and the file system, respectively. With visibility into the app’s input and output, CxRASP tailors the protection mechanism to the specific flow within the application to achieve detection accuracy in real-time. The product flags suspicious activity when it enters the app, and then verifies if it is actually malicious at the output to minimize false positives and false negatives. When an attack is identified, the organization is alerted and instructions are sent on how to fix the vulnerability. 

CxRASP is available as a stand-alone platform. Alternatively, the product can be integrated with Checkmarx’s Static Application Security Testing (SAST) CxSuite Solution as well as other SAST vendors, offering application protection both during and following the development process. Because it does not rely on network traffic, CxRASP eliminates SSL issues, new protocol parsing, strong decoding, and signature-based threats and obliterates complex regexes.

More information is available on the Checkmarx website.