Application security

更新时间:
复制 MD 格式

ARMS Application Security is a security product based on Runtime Application Self-Protection (RASP) technology that enables applications to protect themselves at runtime. Without modifying any application code, you can install the Application Security agent in an instance to add powerful security capabilities to your application and defend against most attack techniques that exploit unknown vulnerabilities.

Prerequisites

To understand this topic, you should be familiar with the following concepts:

Background

ARMS Application Security is a feature powered by Alibaba Cloud's RASP technology. RASP allows applications to detect attacks and protect themselves at runtime. It operates from inside your application by hooking key functions to monitor real-time interactions with other systems. When RASP detects suspicious behavior, it uses the application's context to identify and block the attack.

By analogy, traditional perimeter security solutions like firewalls and Web Application Firewalls (WAFs) are like protective suits and masks used during a pandemic. They reduce the risk of infection by blocking or filtering transmission paths. RASP, on the other hand, is more like a vaccine. It works from the inside to create antibodies that eliminate viruses upon entry.RASP原理

RASP and WAF are not mutually exclusive; they are complementary. Each has different strengths suited for different business and security scenarios. For comprehensive application protection, combine ARMS Application Security with Alibaba Cloud Web Application Firewall. This combination creates a layered defense with both perimeter and in-app protection, significantly reducing risks such as application intrusions, data leaks, and service disruptions.

Limitations

Application Security currently supports only Java applications.

Features

Vulnerability attack defense

ARMS Application Security helps protect your applications against a wide range of attack techniques, including but not limited to SQL injection, malicious file operations, malicious file uploads, command execution, arbitrary file reads, malicious outbound connections, thread injection, malicious DNS queries, and memory-resident shell injection. Based on RASP technology, Application Security does not rely on static rule sets, which enables it to defend against unknown vulnerabilities, including zero-day vulnerabilities.

Third-party component risk assessment

Application Security automatically identifies and catalogs third-party application components that have security vulnerabilities. It provides a comprehensive overview that includes associated CVE vulnerabilities, the component's full path, the vulnerability's risk level and score, and information about affected instances. This helps your development and security teams inventory risks from third-party components, quickly locate problem details, and prioritize remediation.

Application security monitoring

In monitoring mode, Application Security alerts you to attack behaviors without blocking them, allowing you to fix the corresponding vulnerabilities in a timely manner.

Note
  • Before you can use Application Security, your application must be connected to ARMS Application Monitoring.

  • The ARMS Application Monitoring Java agent must be version 2.7.1.3 or later. You can check the agent version for your applications by logging in to the ARMS console and navigating to the Application Monitoring > Agents page.

FAQ

  1. Does Application Security affect application performance?

    Application Security has minimal impact on application performance, compatibility, and stability. In tests, it adds less than 1% of CPU overhead, uses less than 30 MB of memory, and introduces less than 1 ms of latency (RT). Additionally, Application Security includes features like observation mode and a soft circuit breaking mechanism to minimize interference with your application's runtime.

  2. How do I enable Application Security?

    You can enable Application Security with a single click on the ARMS console. After you enable it, restart the instances for the target application. You do not need to change any code. Application Security currently supports only Java applications. For detailed steps, see Enable Application Security.

  3. How should I use Application Security to protect my applications?

    Attacks that Application Security detects represent real security threats. Compared with traditional detection methods that rely on traffic signatures, Application Security has a very low false positive rate. Therefore, you must take any detected attack seriously. When you first enable Application Security, the default protection mode is monitoring mode. After you confirm that your application is running stably, you can switch to Monitor and Block mode.

For more frequently asked questions about Application Security, see Application Security FAQ.

Contact us

If you have questions about Application Security, consult this documentation or join the Application Security Q&A DingTalk group (Group ID: 34833427) to interact with our product managers and security experts.