Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Failed to load latest commit information.
Latest commit message
Commit time
March 11, 2022 21:00
February 22, 2022 13:17
September 1, 2018 15:55
October 10, 2018 12:18
February 8, 2021 13:25
February 8, 2021 13:25
December 18, 2017 11:51
October 20, 2022 20:09
March 11, 2022 10:57
December 5, 2019 15:45
December 5, 2019 15:45
December 28, 2018 16:30
December 18, 2018 20:17


Build Status Build Status


Unlike perimeter control solutions like WAF, OpenRASP directly integrates its protection engine into the application server by instrumentation. It can monitor various events including database queries, file operations and network requests etc.

When an attack happens, WAF matches the malicious request with its signatures and blocks it. OpenRASP takes a different approach by hooking sensitive functions and examines/blocks the inputs fed into them. As a result, this examination is context-aware and in-place. It brings in the following benefits:

  1. Only successful attacks can trigger alarms, resulting in lower false positive and higher detection rate;
  2. Detailed stack trace is logged, which makes the forensic analysis easier;
  3. Insusceptible to malformed protocol.

Quick Start

See detailed installation instructions here

We also provide a few test cases that are corresponding to OWASP TOP 10 attacks, download here


1. List of supported web application servers

We've fully tested OpenRASP on the following application servers for Linux platforms:

  • Java
    • Tomcat 6-9
    • JBoss 4.X
    • Jetty 7-9
    • Resin 3-4
    • SpringBoot 1-2
    • IBM WebSphpere 8.5, 9.0
    • WebLogic 10.3.6, 12.2.1
  • PHP
    • 5.3-5.6, 7.0-7.4

The support of other web application servers will also be soon included in the coming releases.

2. Performance impact on application servers

We ran multiple intense and long-lasting stress tests prior to release. Even in the worst-case scenario (where the hook point got continuously triggered) the server's performance was only reduced by 1~4%

3. Integration with existing SIEM or SOC

OpenRASP logs alarms in JSON format, which can be easily picked up by Logstash, rsyslog or Flume.

4. How to develop a new plugin?

A plugin receives a callback when an event occurs. It then determines if the current behavior is malicious or not and blocks the associated request if necessary.

Detailed plugin development instructions can be found here


Technical support:

Business inquires, comments and security reports:

  • General email: openrasp-support #