OpenRASP

DEPRECATED
Category: RASP
License: Free (Open-Source)

OpenRASP is the most popular open-source Runtime Application Self-Protection (RASP) solution. It is developed and maintained by the Baidu security team, and its GitHub repository has 3k stars and 623 forks.

GitHub: baidu/openrasp | Last Release: v1.3.7 (January 2022)

What is OpenRASP?

OpenRASP (Open-source Runtime Application Self-Protection) is a free, open-source security solution that protects applications from attacks at runtime.

It hooks into the application runtime to monitor and block malicious operations.

Unlike commercial RASP solutions, OpenRASP provides core protection capabilities without licensing costs, making it accessible for organizations of all sizes.

Key Features

Plugin-Based Detection

OpenRASP uses a plugin architecture for attack detection:

  • JavaScript plugins define detection logic
  • Easy to customize and extend
  • Community-contributed plugins available

Supported Attack Types

OpenRASP protects against:

  • SQL injection
  • Command injection
  • File operation attacks
  • XXE (XML External Entity)
  • SSRF (Server-Side Request Forgery)
  • Deserialization attacks

Cloud Management Console

OpenRASP includes a management console for:

  • Centralized policy management
  • Attack event visualization
  • Agent status monitoring
  • Report generation

How It Works

OpenRASP instruments the application runtime using Java Agent technology (for Java) or a PHP extension (for PHP):

Application Runtime
    └── OpenRASP Agent
            ├── Hooks security-sensitive functions
            ├── Executes JavaScript detection plugins
            └── Blocks or logs malicious operations
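
The hook, plugin and decision flow described above and under Plugin-Based Detection, as an added example that is not OpenRASP's own code. The RASP class is a local stand-in for the agent's plugin runtime; the 'command' hook name, the context.parameter shape and the action/confidence result fields are assumptions made for illustration.

```javascript
// Local stand-in for the agent's plugin runtime (constructed for this example).
const CLEAN = { action: 'ignore', message: 'no finding', confidence: 0 };
class RASP {
  constructor(name) { this.name = name; this.checks = {}; }
  register(type, fn) { (this.checks[type] = this.checks[type] || []).push(fn); }
  // Invoked from a hook: return the first finding, or CLEAN if there is none.
  check(type, params, context) {
    for (const fn of this.checks[type] || []) {
      const result = fn(params, context);
      if (result.action !== 'ignore') return result;
    }
    return CLEAN;
  }
}

const plugin = new RASP('example-command-check');
const SHELL_META = /[;&|`$<>\n]/;

// Request parameters arrive as name -> list of values (assumed shape).
function userValues(context) {
  return Object.values(context.parameter || {}).flat()
    .filter((v) => typeof v === 'string' && v.length > 0);
}

// Detection logic for the (assumed) 'command' hook: block only when a request
// value containing shell metacharacters is found inside the executed command.
plugin.register('command', (params, context) => {
  for (const value of userValues(context)) {
    if (SHELL_META.test(value) && params.command.includes(value)) {
      return { action: 'block', confidence: 90,
               message: 'request parameter with shell metacharacters reached command execution' };
    }
  }
  return CLEAN;
});

// What a hooked exec call does with the plugin's decision: block or pass through.
function hookedExec(command, context) {
  const decision = plugin.check('command', { command }, context);
  return { executed: decision.action !== 'block', decision };
}

// Constructed requests: the second carries a value that alters the command.
const benign = hookedExec('ping -c 1 example.com', { parameter: { host: ['example.com'] } });
const tainted = hookedExec('ping -c 1 example.com; id', { parameter: { host: ['example.com; id'] } });
console.log(benign.executed, tainted.executed, tainted.decision.message);
```

Because the check runs inside the hooked call, it sees both the request and the operation actually being performed, so a metacharacter in a parameter that never reaches a command is not flagged.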

Installation

Java Applications

Add the OpenRASP agent to your Java application:

# Download OpenRASP
wget https://github.com/baidu/openrasp/releases/latest/download/rasp-java.tar.gz
tar -xzf rasp-java.tar.gz

# Install to application
java -jar RaspInstall.jar -install /path/to/tomcat

PHP Applications

Install the PHP extension:

# Install extension
phpize
./configure
make && make install

# Add to php.ini
extension=openrasp.so

Configuration

OpenRASP is configured via JSON files:

{
  "block": {
    "status_code": 302,
    "redirect_url": "/blocked.html"
  },
  "inject": {
    "urlprefix": "https://cdn.example.com/openrasp"
  }
}

Limitations

  • Currently supports Java and PHP only
  • Requires application restart for installation
  • Some performance overhead (typically 1-5%)
  • Active development primarily focused on Chinese documentation

When to Use OpenRASP

OpenRASP is ideal for:

  • Organizations wanting open-source RASP protection
  • Java or PHP application environments
  • Teams comfortable with self-hosted security tools
  • Budget-conscious security programs

Note: Project appears inactive. Last release (v1.3.7) was January 2022.