Even with the best prerelease security testing, developers will never write perfectly secure code. Zero-day attacks will continue to target vulnerable open source components, third-party applications, and internally developed code. Web application firewalls provide a helpful protection against such attacks; however, they can only analyze input and output data. Used as a deeper layer of application defense, runtime application self-protection (RASP) tools use insider info of the applications they protect to help security pros more effectively detect and deflect malicious attacks.