Hdiv Protection was the RASP component of the Hdiv application security suite.
Datadog acquired Hdiv Security in May 2022, integrating its runtime protection technology into Datadog Application Security Management (ASM). The standalone Hdiv product is no longer maintained.
What was Hdiv Protection?
Hdiv (HTTP Data Integrity Validator) started as a web security framework and evolved into a full RASP solution.
It was known for its unique approach to web application security through data flow integrity validation.
Historical Features
Web Flow Integrity
Hdiv tracked the integrity of web application flows:
- Validated that parameters matched server-side expectations
- Detected client-side manipulation of hidden fields
- Prevented parameter tampering attacks
Data Validation
The platform validated:
- Form field integrity
- URL parameter validity
- Cookie tampering attempts
- Session manipulation
Attack Protection
Hdiv protected against:
- Cross-Site Scripting (XSS)
- SQL Injection
- Cross-Site Request Forgery (CSRF)
- Parameter manipulation
- URL tampering
How It Worked
Hdiv used a unique approach compared to traditional RASP:
Server → Generate page with Hdiv tokens → Client
Client → Submit with tokens → Hdiv validates integrity → Application
By tracking what data the server sent, Hdiv could detect when clients modified that data maliciously.
Current Status
Datadog acquired Hdiv Security in May 2022 and integrated its runtime protection capabilities into Datadog ASM. The standalone product is no longer maintained or supported.
Recommended Migration
Organizations using Hdiv should consider these alternatives:
| Alternative | Type | Notes |
|---|---|---|
| Contrast Protect | RASP | Multi-language RASP |
| Dynatrace AppSec | RASP | Part of observability platform |
| Imperva RASP | RASP | Enterprise-grade protection |
| OpenRASP | RASP | Open-source option |
Migration Considerations
When migrating from Hdiv:
- Inventory protected applications - Document all applications using Hdiv
- Evaluate alternatives - Test new solutions in staging environments
- Plan deployment - Schedule migration windows
- Validate protection - Ensure new solution covers all attack vectors
- Remove Hdiv - Clean up Hdiv dependencies from applications
Technical Notes
Hdiv was available for:
- Java (Spring, Struts, JSF)
- .NET
- Grails
Applications using Hdiv typically required code changes or framework integration to implement protection.
Datadog ASM integration
Datadog announced the Hdiv acquisition on May 10, 2022 as part of a broader push to add runtime security to its observability platform. The Hdiv team and IP were folded into what became Datadog Application Security Management — now rebranded as Datadog Application Vulnerability Management and Application Protection.
The Hdiv flow-integrity approach did not carry over directly. Datadog’s runtime protection is built on the Datadog tracing library, which was already instrumented in most of its customers’ applications. Hdiv’s contribution was the detection logic and the Spanish engineering team’s experience with Java and .NET instrumentation, not the original code paths.
Hdiv was founded in San Sebastián, Spain by Roberto Velasco and Gotzon Illarramendi in 2008, starting as an open-source web security framework before growing into a commercial suite. The acquisition left no standalone Hdiv product — organizations still running the last released version need to migrate to Datadog ASM or one of the listed alternatives.
