Version: 2.11

Recommended API Protect Policy

The following is a recommended policy for the RASP Java Agent. Verify it on a suitable test system first. During verification, the protect() actions may be replaced with detect() actions to passively assess how the application behaves with the policy in place.

RASP Java Agent Recommended API Protect Policy

app("strict API hardening policy for Java"):
    requires(version: ARMR/2.11)

    dns("API block any DNS address resolution"):
        lookup(any)
        api(any)
        input(http, database, deserialization)
        protect(message: "", severity: High)
    enddns

    filesystem("API block any file read operations"):
        read("*")
        api(any)
        protect(message: "", severity: High)
    endfilesystem

    filesystem("API block any file write operations"):
        write("*")
        api(any)
        protect(message: "", severity: High)
    endfilesystem

    process("API block any process forking operations"):
        execute("*")
        api(any)
        protect(message: "", severity: High)
    endprocess

    socket("API block any incoming traffic using new connections"):
        accept("0.0.0.0:0")
        api(any)
        protect(message: "", severity: High)
    endsocket

    socket("API block any outgoing traffic using new connections"):
        connect("0.0.0.0:0")
        api(any)
        protect(message: "", severity: High)
    endsocket
endapp
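
The verification step described above (swapping protect() for detect() before a test-system run) can be scripted so the staged policy is derived from the enforced one rather than edited by hand. The helper below is an added example, not part of the RASP Java Agent documentation or tooling; the function name, the regular expressions and the sample excerpt are assumptions built from the policy text on this page.

```python
import re

# Rule openers used in the policy above, e.g.  process("rule name"):
RULE_OPEN = re.compile(r'^\s*(dns|filesystem|process|socket)\("([^"]*)"\):\s*$')
# Action line: indentation, action keyword, parenthesised arguments
ACTION = re.compile(r'^(\s*)(protect|detect)(\(.*\))\s*$')

def to_detect_mode(policy_text):
    """Return (staged_policy, names_of_rules_switched_to_detect).
    Arguments of each action are kept as written (assumes detect() accepts
    the same arguments as protect()). Raises ValueError on a mismatched or
    unclosed rule block so a damaged policy is not staged.
    """
    out, changed, current = [], [], None   # current = (kind, name) of open rule
    for n, line in enumerate(policy_text.splitlines(), 1):
        word = line.strip()
        opened, action = RULE_OPEN.match(line), ACTION.match(line)
        if opened:
            if current:
                raise ValueError(f"line {n}: rule opened inside {current[1]!r}")
            current = opened.groups()
        elif word.startswith("end") and word != "endapp":
            if not current or word != "end" + current[0]:
                raise ValueError(f"line {n}: unexpected {word}")
            current = None
        elif action and current and action.group(2) == "protect":
            line = f"{action.group(1)}detect{action.group(3)}"
            changed.append(current[1])
        out.append(line)
    if current:
        raise ValueError(f"rule {current[1]!r} is never closed")
    return "\n".join(out), changed

# Constructed sample: two rules excerpted from the policy above
SAMPLE = '''app("strict API hardening policy for Java"):
    process("API block any process forking operations"):
        execute("*")
        api(any)
        protect(message: "", severity: High)
    endprocess
    socket("API block any outgoing traffic using new connections"):
        connect("0.0.0.0:0")
        api(any)
        protect(message: "", severity: High)
    endsocket
endapp'''

if __name__ == "__main__":
    print(to_detect_mode(SAMPLE)[0])
```

The returned list of rule names gives a checklist of what must be switched back to protect() once the test-system results have been reviewed.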