# 简介

OpenRASP 抛弃了传统防火墙依赖请求特征检测攻击的模式，创造性的使用RASP技术（应用运行时自我保护），直接注入到被保护应用的服务中提供函数级别的实时防护，可以在不更新策略以及不升级被保护应用代码的情况下检测/防护未知漏洞，尤其适合大量使用开源组件的互联网应用以及使用第三方集成商开发的金融类应用。

另外，OpenRASP 提供的IAST解决方案，相比于与传统的DAST方案有着革命性提升。漏洞检测无需动态爬虫或者旁路代理，扫描更全面；结合应用探针准确的识别漏洞类型，通过针对性扫描大幅度提升检测效率；**商业版**新增的动态污点追踪能力，还可以在不扫描的情况下，预判接口是否存在漏洞。

OpenRASP 是经过开源社区大规模验证过的产品，目前客户数量已经过百，QQ群人数超过1800人。如果你在使用过程中遇到任何问题，请加入[我们的技术讨论QQ群](https://rasp.baidu.com/#section-support)，联系我们处理。

### 常用链接

安装部署

* [快速接入](https://github.com/baidu-security/openrasp-docs-old/blob/main/install/software.html)
* [性能测试](https://github.com/baidu-security/openrasp-docs-old/blob/main/performance/main.html)

检测能力

* [检测能力，覆盖场景，以及零规则算法介绍](https://github.com/baidu-security/openrasp-docs-old/blob/main/usage/web.html)
* [CVE 漏洞覆盖列表](https://github.com/baidu-security/openrasp-docs-old/blob/main/usage/cve.html)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://test-730.gitbook.io/openrasp-documents-old/readme.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.