Runtime Application Self-Protection
RASP embeds security controls directly into a running application so it can detect and block attacks against itself in real time, such as injection attempts hitting a database call. Unlike a WAF sitting in front of the app, RASP has full context of the code path being executed. It belongs to the operations end of the lifecycle, acting as a last line of defense for vulnerabilities that slipped through testing.