JD Cloud RASP Runtime Application Self‑Protection: Architecture, Principles, and Best Practices
This article examines JD Cloud's Runtime Application Self‑Protection (RASP) technology, detailing its background, architecture, working principles, security advantages over traditional WAF and SAST/DAST, practical 0‑day protection examples, deployment scenarios, operational practices, and real‑world performance in large‑scale promotions and national‑level cyber‑exercises.
With web attacks on the rise, high‑profile vulnerabilities such as Log4j, fastjson, and XStream have repeatedly exposed the security risks of applications that serve as the primary entry point for business traffic.
Traditional defenses, namely Web Application Firewalls (WAF) and black-box/white-box scanning (DAST/SAST), rely on static rules or pre-deployment analysis, which are prone to bypasses and require constant updates to keep pace with emerging exploits.
JD Cloud introduces a cloud-native Runtime Application Self-Protection (RASP) solution that injects a security "vaccine" directly into the running application process, enabling the application to detect and block attacks, including 0-day, in-memory webshell ("memory horse"), and deserialization exploits, without depending on external rule sets.
The RASP engine works by instrumenting critical functions at runtime, capturing high‑risk behaviors in clear text even when traffic is encrypted, accurately identifying malicious actions, and performing real‑time blocking and alerting, thereby reducing false positives and false negatives compared with perimeter‑only solutions.
Its architecture consists of three modules: (1) a Probe module that uses Java Instrumentation to modify bytecode and insert hooks before class loading; (2) a Client module that manages probe configuration, model updates, and anomaly monitoring; and (3) a Cloud Service module that processes logs, provides operational control, and visualizes security posture.
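The in-process hook described above, reduced to a single check as an added example (not JD Cloud's code). `RaspHookDemo`, `beforeExec`, `guardedExec`, and `Risky` are hypothetical names, the hook is called by hand where a probe would insert it through bytecode instrumentation, and the stack-inspection rule is an assumed illustration of context-aware detection at the sink.

```java
import java.io.*;
import java.util.Arrays;

public class RaspHookDemo {
    /** Hypothetical check a probe would insert at the top of a process-launch method. */
    static void beforeExec(String... cmd) {
        for (StackTraceElement f : Thread.currentThread().getStackTrace()) {
            // A process launch reached from inside deserialization is not normal business logic.
            if (f.getClassName().equals("java.io.ObjectInputStream")
                    && f.getMethodName().startsWith("readObject")) {
                System.err.println("[RASP] blocked exec " + Arrays.toString(cmd) + " via " + f);
                throw new SecurityException("exec during deserialization blocked");
            }
        }
    }

    /** Stand-in for the instrumented sink; it never launches anything in this demo. */
    static String guardedExec(String... cmd) {
        beforeExec(cmd);
        return "allowed: " + String.join(" ", cmd);
    }

    /** Constructed class whose deserialization callback reaches the sink. */
    static class Risky implements Serializable {
        private static final long serialVersionUID = 1L;
        String cmd = "demo-command";
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            guardedExec(cmd);
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println(guardedExec("ls", "-l")); // ordinary call path: allowed

        // Constructed sample input: a serialized Risky instance built in memory.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(new Risky());
        }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            in.readObject();
            System.out.println("not blocked");
        } catch (SecurityException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

The decision uses only what is visible inside the process (the arguments at the sink and the call stack that led there), which is why it does not depend on how the request was encoded or encrypted on the wire.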
Key application scenarios include asset management, runtime intrusion detection, threat‑vaccine deployment, security baseline enforcement, sensitive data review, hot‑patching for urgent vulnerabilities, and east‑west traffic analysis within micro‑service environments.
Operationally, JD Cloud RASP supports one‑click deployment, gray‑scale rollouts with rollback capability, configurable alert policies, and performance monitoring to ensure business stability while maintaining rapid response to incidents.
In practice, the solution has successfully protected high‑traffic events such as Double‑11 and 618 promotions, demonstrating negligible performance impact and zero false‑block incidents, and has proven effective in national‑level cyber‑exercise simulations against a range of 0‑day and N‑day attacks.
Overall, RASP provides context-aware, in-process protection that complements existing defense-in-depth strategies, offering strong immunity to emerging threats while acknowledging that no single product can address all security challenges; JD Cloud continues to evolve the platform through iterative upgrades.
JD Tech
Official JD technology sharing platform. All the cutting‑edge JD tech, innovative insights, and open‑source solutions you’re looking for, all in one place.