creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-11 05:34:55 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
780757902b7faeb8d77d034d4faead329cdd6539
Anthropic-Cybersecurity-Skills/skills/implementing-runtime-application-self-protection/references/api-reference.md
T

2.6 KiB
Raw Blame History

API Reference: Implementing Runtime Application Self-Protection

OpenRASP Deployment

# Java agent attachment (Tomcat)
export CATALINA_OPTS="-javaagent:/opt/rasp/rasp.jar"

# Spring Boot
java -javaagent:/opt/rasp/rasp.jar -jar app.jar

# Verify agent loaded
curl -s http://localhost:8080/rasp/status

OpenRASP Configuration (rasp.yaml)

# Detection plugin settings
plugin:
  timeout: 100        # Plugin execution timeout (ms)
  maxstack: 100       # Max stack frames to capture

# Block vs monitor mode
block:
  status_code: 302    # HTTP status on block
  redirect_url: /blocked.html

# Log settings
log:
  maxstack: 50
  syslog:
    enable: true
    url: "udp://siem.example.com:514"
    tag: openrasp

Detection Hooks

Hook Point Attack Type OWASP
sql_query SQL Injection A03:2021
command_exec OS Command Injection A03:2021
file_open / file_read Path Traversal A01:2021
http_request SSRF A10:2021
xml_parse XXE A05:2021
deserialize Insecure Deserialization A08:2021
response_write XSS (reflected) A03:2021
ldap_query LDAP Injection A03:2021
code_eval Remote Code Execution A03:2021

Attack Log Format (JSON)

{
  "attack_type": "sqli",
  "action": "block",
  "client_ip": "192.168.1.50",
  "request_url": "/api/users?id=1 OR 1=1",
  "attack_params": {"id": "1 OR 1=1"},
  "stack_trace": "com.app.UserDAO.findById(UserDAO.java:42)",
  "plugin_name": "sql_injection",
  "timestamp": "2025-06-15T10:30:00Z"
}

RASP vs WAF Comparison

Feature WAF RASP
Inspection point Network perimeter Inside application
Context HTTP request only Request + execution context
False positive rate Higher Near-zero
Encrypted traffic Requires TLS termination Sees plaintext
Deployment Network device/proxy Application library

Python RASP (Flask Middleware Example)

from flask import request, abort
import re

SQL_INJECTION_PATTERN = re.compile(
    r"(\b(union|select|insert|update|delete|drop|alter)\b.*\b(from|into|table|set)\b)",
    re.IGNORECASE
)

@app.before_request
def rasp_check():
    for value in request.values.values():
        if SQL_INJECTION_PATTERN.search(str(value)):
            abort(403, description="RASP: SQL injection blocked")

References

Reference in New Issue View Git Blame Copy Permalink