How it works
Project RASPunzel brings RASP to the next level by synthesizing lightweight security monitors that can run alongside a production application and prevent attacks in real time.
When it comes to security, there is no one-size-fits-all solution. RASPunzel aims to continuously synthesize, update, and deploy custom RASP monitors based on data collected from the applications themselves.
Different vulnerabilities also call for different monitors and synthesis strategies. Our current research focus is regular expression and grammar inference applied to the synthesis of lightweight deserialization and injection (e.g. SQLi, XML, and others) monitors.