Feature Overview
ASPM is a new application security posture management platform that helps applications capture and block malicious attack behavior at runtime, including common security threats such as SQL injection, deserialization, and memory shells. It provides real-time monitoring and protection for applications deployed on servers and Kubernetes. Built on a newly designed Agent architecture that extends performance monitoring, the system provides comprehensive data collection capabilities.
ASPM has the following features:
- Adopts a brand-new application Agent architecture that collects comprehensive business, performance, and security data with almost no impact on the performance of monitored applications, while greatly reducing JVM resource consumption. It also introduces a new Agent management system that can perform batch upgrade deployments of Agents online.
- Introduces the concepts of business systems and service groups to better categorize, organize, and visualize applications within business systems. For details, please refer to the Tingyun Application & Microservices User Manual.
- Because ASPM is deeply integrated with applications, it can obtain the application's runtime environment and context information, including user input, request parameters, and session status, and can therefore identify and block potential deep security threats more accurately.
- Introduces component risk identification capabilities. Applications usually contain various third-party components, libraries, and frameworks, which may have known vulnerabilities or security issues that pose potential security risks to the application. ASPM can comprehensively scan and analyze these components to discover potential risks so that remediation measures can be taken promptly.
- Introduces API asset management capabilities. When the application first runs, ASPM automatically captures and displays a comprehensive inventory of all API assets through mechanisms such as Servlet loading or Router registration. From this inventory it can identify zombie APIs, shadow APIs, and other infrequently used business APIs, giving users an objective basis for reducing their risk exposure.
- Introduces API security capabilities, which work backward from the API dimension to identify and locate security events, including unauthorized API access, system command execution, outbound requests, login success/failure, and sensitive information download. Viewing events from the business perspective of each API makes it possible to locate issues and analyze potential security threats more accurately.
- Introduces business security detection, which provides real-time security detection for common business scenarios and supports custom analysis rules for common business behaviors tailored to those scenarios, including but not limited to brute force attacks, credential stuffing, batch web scraping, malicious registration, password reset, and payment anomalies.