Skip to content

baidu/openrasp

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
34 branches 34 tags
Code

Latest commit

@CaledoniaProject
CaledoniaProject Merge pull request #408 from baidu/dependabot/npm_and_yarn/rasp-vue/l…
79ccc0f Jan 4, 2023
Merge pull request #408 from baidu/dependabot/npm_and_yarn/rasp-vue/l… 
…oader-utils-and-html-webpack-plugin-1.4.2

Bump loader-utils and html-webpack-plugin in /rasp-vue
79ccc0f

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github
暂时禁用codeql
March 11, 2022 21:00
agent
DependencyReport使用的Log组件引入错误
March 9, 2022 10:53
cloud
[后台] 修正错误消息描述
February 22, 2022 13:17
docker
bump version number
September 1, 2018 15:55
openrasp-v8 @ 4e1398d
[v8]update v8 to v21
March 9, 2021 03:41
plugins
修复规则插件无法正确过滤content-type
January 4, 2023 10:05
rasp-install
[java]restore lib version
March 11, 2022 18:02
rasp-vue
Bump loader-utils and html-webpack-plugin in /rasp-vue
January 4, 2023 03:40
siem
修正splunkt app多个错误
October 10, 2018 12:18
travis
[PHP]fix travis error
February 8, 2021 13:25
.gitignore
[插件] 默认关闭 1045 错误监控
September 23, 2019 21:05
.gitmodules
feat: add openrasp-v8 as sub module
May 17, 2019 17:05
.travis.yml
[PHP]fix travis error
February 8, 2021 13:25
LICENSE
update(license) new license
December 18, 2017 11:51
README.md
修正 readme 中的拼写
October 20, 2022 20:09
SECURITY.md
Update SECURITY.md
March 11, 2022 10:57
build-cloud.sh
[后台] 更换淘宝NPM地址
February 14, 2022 13:46
build-java.sh
[java] 修正编译问题
March 28, 2021 13:53
build-php5.sh
[PHP]update build.sh
December 5, 2019 15:45
build-php7.sh
[PHP]update build.sh
December 5, 2019 15:45
contributors.md
增加contributors
December 28, 2018 16:30
package-lock.json
modify the vue
December 18, 2018 20:17
readme-zh_CN.md
修正 readme 中的拼写
October 20, 2022 20:09
OpenRASP Introduction Quick Start FAQ 1. List of supported web application servers 2. Performance impact on application servers 3. Integration with existing SIEM or SOC 4. How to develop a new plugin? Contact

README.md

OpenRASP

Build Status Build Status

Introduction

Unlike perimeter control solutions like WAF, OpenRASP directly integrates its protection engine into the application server by instrumentation. It can monitor various events including database queries, file operations and network requests etc.

When an attack happens, WAF matches the malicious request with its signatures and blocks it. OpenRASP takes a different approach by hooking sensitive functions and examines/blocks the inputs fed into them. As a result, this examination is context-aware and in-place. It brings in the following benefits:

  1. Only successful attacks can trigger alarms, resulting in lower false positive and higher detection rate;
  2. Detailed stack trace is logged, which makes the forensic analysis easier;
  3. Insusceptible to malformed protocol.

Quick Start

See detailed installation instructions here

We also provide a few test cases that are corresponding to OWASP TOP 10 attacks, download here

FAQ

1. List of supported web application servers

We've fully tested OpenRASP on the following application servers for Linux platforms:

  • Java
    • Tomcat 6-9
    • JBoss 4.X
    • Jetty 7-9
    • Resin 3-4
    • SpringBoot 1-2
    • IBM WebSphpere 8.5, 9.0
    • WebLogic 10.3.6, 12.2.1
  • PHP
    • 5.3-5.6, 7.0-7.4

The support of other web application servers will also be soon included in the coming releases.

2. Performance impact on application servers

We ran multiple intense and long-lasting stress tests prior to release. Even in the worst-case scenario (where the hook point got continuously triggered) the server's performance was only reduced by 1~4%

3. Integration with existing SIEM or SOC

OpenRASP logs alarms in JSON format, which can be easily picked up by Logstash, rsyslog or Flume.

4. How to develop a new plugin?

A plugin receives a callback when an event occurs. It then determines if the current behavior is malicious or not and blocks the associated request if necessary.

Detailed plugin development instructions can be found here

Contact

Technical support:

Business inquires, comments and security reports:

  • General email: openrasp-support # baidu.com

About

🔥Open source RASP solution

rasp.baidu.com

Topics

security waf iast devsecops rasp

Resources

Readme

License

Apache-2.0 license

Security policy

Security policy

Stars

2.5k stars

Watchers

110 watching

Forks

588 forks
Report repository

Releases 33

Release 1.3.7 Latest
Jan 28, 2022
+ 32 releases

Packages

No packages published

Contributors 27

+ 16 contributors

Languages