Runtime application self-protection (RASP) is a technology that can be used to monitor and dynamically respond to potential threats on web applications. RASP is a software component that is integrated into the web application or the runtime environment, and it analyzes the behavior and the context of the application and the requests. RASP can detect and prevent attacks such as SQL injection, cross-site scripting, or buffer overflow, by blocking or modifying the malicious requests or responses. RASP can also provide alerts and logs for the security team or the developers.

The other options are not correct. Security Assertion Markup Language (SAML) is a standard that enables single sign-on (SSO) and federated identity management for web applications, but it does not monitor or respond to threats. Web application vulnerability scanners are tools that scan web applications for common vulnerabilities and misconfigurations, but they do not provide real-time protection or response. Field-level tokenization is a technique that replaces sensitive data fields with random tokens, and it can reduce the exposure or the impact of a data breach, but it does not monitor or respond to threats.

References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 4: Security Architecture and Engineering, page 512. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 4: Security Architecture and Engineering, page 513.