software/application-defender | why | h1/h2

Runtime Application Self Protection (RASP)

The Fortify Application Defender is a RASP solution that helps you mitigate risk from homegrown or third-party applications. It provides visibility into application abuse while protecting software vulnerabilities from exploits in real time.

RASP via Fortify Application Defender

Sometimes you need to protect it now and remediate later. Protect your enterprise from some of the most damaging exploits like the OWASP Top 10.

(PDF 127 KB)

In this HPE newsletter, featured Gartner research says RASP is “transformational” and, they recommend “that Gartner clients evaluate emerging vendors and plan RASP adoption when RASP's level of maturity meets their policies.”

HPE newsletter

Application Defender 是应用安全行业领导者 Fortify 推出的一款 RASP 解决方案。

Proven technology

First to market (2007) with App Defender agent instrumentation technology that is also used in Fortify WebInspect and other products

Proven vendor

Experience and security research from a market leader


Part of Fortify’s end-to-end application security capabilities

Application Defender Benefits


  • 通过三个部署步骤快速安装,在几分钟内让防护软件顺利运行
  • 通过预配置漏洞检测规则开箱即可提供保护
  • 通过本地部署或云平台高效管理、报告和扩展



  • 通过代码行详细信息解决安全问题,缩短修复时间
  • 交互仪表板和实时通知显示的可执行信息
  • 持续对实际攻击进行安全监控,以精确定位漏洞来进行保护或修复
  • 灵活输出,使安全运营中心 (SOC) 能够查看应用安全日志及软件漏洞利用
  • 可配置报告,用于风险优化以及跨组织通信



  • 通过点击按钮使用应用内上下文,直接或逐渐停止攻击或安全隐患
  • 运行时应用自我防护 (RASP) 可实时分析应用逻辑和数据流,以发现网络的潜在威胁
  • 准确区分实际攻击和合法要求,极大提高保护准确性并降低误报的机会

What can Fortify Application Defender, our Runtime Application Self-Protection (RASP) Solution, Do for you?

许多 Application Defender 客户的共同之处是需要购买时间和获得控制。 作为一款补偿控制软件,Application Defender 可在您决定何时与如何采用最佳方式修复漏洞时对漏洞进行长期防护。 对于部分客户来说,这款虚拟补丁可永久使用。

查看我们客户应用 RASP 的方式

To Buy Time

A U.S. Pharmaceutical company found more vulnerabilities than they had resources to fix. They use App Defender to defend those vulns as a virtual patch.

For Rapid Resolution

A European cloud-based software company had customers anxious for resolution of a critical vulnerability. To quickly protect the vulnerability across all 60 instances, they deployed App Defender and had their customers immediately protected.

To Broaden Testing

A European major manufacturer’s backlog of vulnerabilities already identified was preventing them from testing additional applications. To protect the vulnerabilities found in Fortify on Demand, with a click of a button, App Defender monitors and protects those vulnerabilities enabling them to scan and test more applications, further reducing their risk.

For Compliance Audit

A U.S. Company had failed a compliance audit and was given 30 days to resolve the issue. Remediation was estimated to require several months to fix. App Defender’s use as a compensating control relieved the immediate audit issue.

For SOC Visibility

A U.S. services company uses App Defender to immediately and consistently see application and user activity and potential exploits, at enterprise scale, without creating custom log parsers for apps not instrumented to create logs.

To Enable DevOps Speed

A U.S. service company uses App Defender to protect vulnerabilities found during rapid DevOps sprints. This compensating control enables DevOps speed while managing risk.

Where RASP fits

Monitor and protect applications, after pre-production security testing, to identify and stop actual exploits.

(PDF 3.21 MB)


Why RASP if I have a WAF?

Context-sensitive instrumentation can distinguish a potential exploit from a successful one so you can confidently identify and stop attacks. See why you need RASP in addition to – or instead of – a WAF.


software/application-defender | benefits | how is fortify

Fortify Application Defender 在哪些方面优于其他 RASP 解决方案?
  • 29 vulnerability categories and 60 logging categories
  • Context-sensitive for fewer false positives and greater instrumentation coverage
  • Send logging and exploit data to any SIEM or log manager
  • Integrated with Fortify on Demand – protect vulnerabilities with a click
  • Build app sec into your DevOps toolchain via RESTful API’s and Swagger integration
  • On-premise or SaaS
  • Point-wise protections and suppressions for surgical protection or white-listing
  • Performance that does not disrupt your application’s purpose
  • Dial-up or dial-down the degree of inspection.
  • Containers simplify enterprise-wide deployment

Try Application Defender Free

Protect one JAVA or .NET application as long as you choose.





Build application security into the entire SDLC


(PDF 3.21 MB)



Are You Addressing Your Greatest Vulnerability?


Data sheet


Application Defender: An application self-protection solution


(PDF 127 KB)



Build Security into DevOps


(PDF 476 KB)



Application Self-Protection Use Cases


White paper


Application Defender performance metrics for Java


(PDF 718 KB)

Related Products, Solutions and Services

Application Security

Fortify Application Security

Static and dynamic application security testing to find and fix vulnerabilities before they can be exploited.


ArcSight ESM

Prioritize security events, so you can protect your business.

Mobile Security

Mobile App Security

Secure your mobile stack from device to network communications to server.

Enterprise Security Consulting

Security Consulting Services

Consulting services to help you get most out of your investment in HPE security solutions.

Enterprise Security Training

Enterprise Security University

Expert instruction to optimize your security operations and your security investments.

Engage with our Application Security Community

Protect Your Assets Blog

Get IT security insights to protect your business ahead of attackers anywhere in the world.

Security Research Blog

Get innovative research, observations and updates to help you proactively identify threats and manage risk.

Protect724 Community

Join the HPE Security community to share, search, collaborate for solutions and gain feedback.

HPE Security on Twitter

Get the latest tweets on hybrid environment risks and defending against advanced threats.

HPE Security on LinkedIn

Connect with experts and discuss the latest info on new threats and risk in hybrid environments.

HPE Software on Facebook

Join with peers and experts to discuss how to make your HPE software work for you.

HPE Software on Google+

Discuss the latest on how to make your enterprise applications and information work for you.

HPE Business Insights

Gain strategic insights from IT leaders who help others define, measure and achieve better IT performances.