Configuring BitFire RASP features

version 3.5.1+

BitFire RASP configuration guide - advanced options.

Cory Marsh
Cory Marsh has over 20 years of Internet security experience. He is a lead developer on the BitFire project and regularly releases PHP security and programming videos on BitFire's YouTube channel.
Configuring Runtime Application Self Protection

RASP Overview

RASP (Runtime Application Self-Protection) is a technology that provides application-level security by monitoring and protecting applications in real-time, whereas a WAF (Web Application Firewall) is a network-level security system that protects web applications by filtering and monitoring incoming HTTP traffic. RASP and WAF are both useful for protecting web applications, but they have some differences:

RASP is more closely tied to the application itself and can provide protection at the application level, whereas WAF operates at the network level and can only provide protection for the application by inspecting incoming traffic.

RASP can detect and prevent attacks that are not detectable by a WAF because it has visibility into the application's execution.

RASP can block attacks in real-time, while WAF can only block attacks after they have been detected and flagged as malicious.

Overall, both RASP and WAF can be effective in protecting web applications, but RASP may provide more comprehensive protection because it operates at the application level and can detect and prevent attacks in real-time.


Block WordPress Scanners

WordPress scanners search the Internet looking for websites containing vulnerable WordPress themes and plugins. These sites are added to lists for later attack. The scanners work by looking for known files and known file versions of vulnerable code. BitFire Scanner protection blocks scanners from accessing these file signatures.


RASP FileSystem Protection

RASP FileSystem protection works by inspecting every file access. If a theme or plugin opens a file that is not PHP code, the access is allowed as long as the file is within the web root directory. If a PHP file is opened for writing, BitFire performs an access control check to ensure that the current user is a valid Administrator.


This prevents many of the worst plugin and theme vulnerabilities from being exploited and installing backdoor software.


RASP Database Protection

Enabling RASP Database protection allows BitFire to examine every SQL query run against the database. The filtering adds less than half a millisecond of delay, even for the heaviest pages. By default, Database protection prevents any vulnerability from creating backdoor accounts or from upgrading low-privilege accounts to administrator-level access.


This prevents many of the worst plugin account takeover and other privilege escalation vulnerabilities.
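As an added illustration of how a per-query check like RASP Database Protection can gate administrator grants in WordPress (this is not BitFire's own code, whose internals the page does not describe), the filter below hooks the `query` filter that `wpdb::query()` applies to every statement and refuses writes of the administrator role to the usermeta table unless a logged-in administrator issued the request. The table and meta-key names, the matching heuristic, and the `manage_options` gate are my assumptions for a default-prefix install.

```php
<?php
/**
 * Illustration only (not BitFire code): a minimal query-inspection filter in
 * the spirit of RASP Database Protection. Assumes a standard WordPress install
 * with $wpdb loaded; installation and WP-CLI would need their own exceptions.
 */

/** True when $sql writes the administrator role into the usermeta table. */
function rasp_grants_admin(string $sql, string $prefix = 'wp_'): bool {
    $table = preg_quote($prefix . 'usermeta', '/');
    // Only INSERT/REPLACE/UPDATE statements targeting the usermeta table matter.
    $target = '/^\s*(?:(?:INSERT|REPLACE)\s+(?:IGNORE\s+)?INTO|UPDATE)\s+`?'
            . $table . '(?![A-Za-z0-9_])/i';
    if (!preg_match($target, $sql)) {
        return false;
    }
    // The role lives in the "{prefix}capabilities" meta row, serialized as
    // a:1:{s:13:"administrator";b:1;}. Require both the key and the role name.
    return stripos($sql, $prefix . 'capabilities') !== false
        && stripos($sql, 'administrator') !== false;
}

/**
 * 'query' filter callback. Returning an empty string makes wpdb::query()
 * return false without sending anything to the database.
 */
function rasp_filter_query(string $sql): string {
    global $wpdb;
    $prefix = isset($wpdb) ? $wpdb->prefix : 'wp_';
    if (!rasp_grants_admin($sql, $prefix)) {
        return $sql;
    }
    // A logged-in administrator may legitimately promote a user (Users screen,
    // REST API); any other caller reaching this write is treated as escalation.
    if (function_exists('current_user_can') && current_user_can('manage_options')) {
        return $sql;
    }
    error_log(sprintf('RASP DB: blocked administrator grant from %s: %s',
        $_SERVER['REMOTE_ADDR'] ?? 'cli', substr($sql, 0, 200)));
    return '';
}

add_filter('query', 'rasp_filter_query');
```

Because `wp_insert_user()` and `WP_User::set_role()` both end up in `wpdb::insert()`/`wpdb::update()`, which go through `wpdb::query()`, a plugin that promotes a user on behalf of an unauthenticated request is caught by the same filter as a hand-written SQL statement.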


RASP Browser Protection

Enabling RASP Browser protection will build a profile of all client-side code used on your website over the course of a month. Once this profile has been built and is stable, it will automatically start enforcing a Content Security Policy. This policy is sent to every web browser, instructing it which code is allowed to run on the website.

If for any reason the website becomes compromised or a linked JavaScript resource becomes hacked, the Content Security Policy will prevent it from running on your visitor's web browsers.


This prevents most client-side attacks, including browser redirect attacks.


Multi Factor Authentication

Enabling multi-factor authentication will add an entry field to your CMS user editor for adding an external phone number for multi-factor authentication. If you do not add a multi-factor authentication phone number, your activated e-mail address will be used instead.


This feature must always be enabled to be eligible for the money-back guarantee. If you lose access to your MFA e-mail and phone number, you must disable this feature by editing config.ini in order to log in to your site.
