RASP | BestHub

JD Tech

May 26, 2023 · Information Security

JD Cloud RASP Runtime Application Self‑Protection: Architecture, Principles, and Best Practices

This article examines JD Cloud's Runtime Application Self‑Protection (RASP) technology, detailing its background, architecture, working principles, security advantages over traditional WAF and SAST/DAST, practical 0‑day protection examples, deployment scenarios, operational practices, and real‑world performance in large‑scale promotions and national‑level cyber‑exercises.

Cloud NativeRASPRuntime Protection

0 likes · 14 min read

JD Cloud RASP Runtime Application Self‑Protection: Architecture, Principles, and Best Practices

DevOps Cloud Academy

Jul 21, 2022 · Information Security

Insights on DevSecOps and Code‑Vaccine Technology from XMirror Security Founder

In a detailed interview, XMirror Security founder Zi‑Ya discusses the origins of his team, the core elements of DevSecOps, the innovative code‑vaccine technology combining IAST and RASP, maturity stages of development security in China, and future trends in software‑supply‑chain security.

Code VaccineDevSecOpsIAST

0 likes · 10 min read

Insights on DevSecOps and Code‑Vaccine Technology from XMirror Security Founder

DevOps Cloud Academy

Jun 5, 2022 · Information Security

Critical Remote Code Execution Vulnerability CVE-2022-26134 in Atlassian Confluence – Description, Impact, and Mitigation Steps

Atlassian Confluence suffers a severe, easily exploitable remote code execution flaw (CVE-2022-26134) that allows unauthenticated attackers to run arbitrary commands, affecting multiple versions and prompting both official upgrade recommendations and detailed temporary mitigation procedures, while Xmirror's Cloud Shark RASP offers innate protection.

CVE-2022-26134ConfluenceRASP

0 likes · 9 min read

Critical Remote Code Execution Vulnerability CVE-2022-26134 in Atlassian Confluence – Description, Impact, and Mitigation Steps

58 Tech

Mar 15, 2022 · Information Security

Research and Practice of IAST/RASP: Instrumentation, Taint Analysis, and Integration with SkyWalking

This article surveys IAST and RASP technologies, detailing Java bytecode instrumentation methods, passive probing techniques, taint analysis algorithms, integration with SkyWalking, and compares their capabilities with SAST and DAST, providing practical implementation guidance and reference resources.

IASTJava instrumentationRASP

0 likes · 14 min read

Research and Practice of IAST/RASP: Instrumentation, Taint Analysis, and Integration with SkyWalking

Ctrip Technology

Oct 15, 2020 · Information Security

Deploying OpenRASP IAST at Ctrip: Architecture, Challenges, and Data‑Pollution Prevention via Bytecode Instrumentation

This article describes Ctrip's practical deployment of OpenRASP‑based IAST, outlines the challenges of data pollution caused by traffic replay, and presents a Java bytecode instrumentation solution that intercepts SocketOutputStream writes to prevent dirty data from persisting in databases, caches, and message queues.

Data PollutionIASTJava

0 likes · 9 min read

Deploying OpenRASP IAST at Ctrip: Architecture, Challenges, and Data‑Pollution Prevention via Bytecode Instrumentation