RASP integrates security directly into application runtime — detecting and blocking attacks in real-time from inside the application, with full context of what's happening.
RASP sees attacks from inside the app (full context) unlike WAF (external). Can terminate malicious function calls. Complements WAF rather than replacing it. Useful for protecting apps you can't rewrite with secure code.