Protect Python Application
Instructions to protect Python application with K2 Platform
Overview
In this section, we outline the steps for protecting your first Python application with the K2 Platform.
Prerequisites
Please check the support matrix below for Python application protection.
Language: Python 3.x (active Python releases)
Frameworks: Django (3.x) and Flask (2.x)
DBs: Mongo (pymongo), MySQL (PyMySQL and mysql-connector)
Attack Coverage: RCE, PATH TRAVERSAL, FILE INTEGRITY, SSRF, SQLI, NOSQLI, FILE UPLOAD, STORED XSS, REFLECTED XSS, LDAP
Deployments: Host Mode, Container Mode, K8s Mode
Steps
Step 1 : K2 Portal and Account Creation
In order to use the K2 Platform, you need to create an account on the K2 Portal.
The K2 Portal can be used as a SaaS service, or you can deploy the entire portal on-premises.
The K2 Platform is offered as SaaS software and can be used directly by visiting the SaaS portal at https://k2io.net; if you are an AWS customer, you can instead buy a subscription to the K2 SaaS portal on the AWS Marketplace.
Step 2 : K2 Agents Installation
Install the K2 Agent in your environment to perform CVE scanning and vulnerability detection in your applications.
Choose your environment from the tabs below and follow the instructions for agent installation.
Check out our K2 Agents Installation page for Node/VM/EC2.
Step 3 : Protect Python Web Application
To protect your Python web applications and APIs, your application must be started with K2's Python Language Agent.
Choose your environment from the tabs below and follow the instructions for installing K2's Python language agent.
Check out our Python Language Agent Installation page for Node/VM/EC2.
Step 4 : Attacking and Preventing the First Attack
For demonstration purposes, we create a Docker container with a vulnerable application and run it with the K2 Python language agent that was already downloaded in the previous step.
docker run -v /opt/k2-ic:/opt/k2-ic -e K2_OPTS="/opt/k2-ic/k2-python-agent/driver.py" -itd -p 8000:8000 --name syscalls_python k2cyber/test_application:syscalls_python
SQL Injection Attack
curl 'http://localhost:8000/mysql/mysql_execute?email=admin%27+OR+%271%27%3D%271&password=--' \
-H 'Connection: keep-alive' \
-H 'Upgrade-Insecure-Requests: 1' \
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36' \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' \
-H 'Referer: http://localhost:8000/mysql/mysql_view_execute' \
-H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,hi;q=0.7' \
-H 'Cookie: language=en; welcome-banner-status=dismiss; cookieconsent_status=dismiss; io=XKumtjWl84kJWR1PAAAD; continueCode=4OxrgwN79JokeE6R3qQm4Xj1DAZQhvpTOq0lxYzWaZvyM5PnO2BVp8bLKwR5' \
--compressed \
--insecure
Now go to the Attacks section in K2 Manager: you will see one attack captured by K2 Manager. Alternatively, go to Attacks | K2 Portal.
Congratulations, you've successfully prevented a SQL injection attack.
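As an added illustration (not part of the K2 documentation or of the demo application's code), the following Python snippet decodes the request above and shows, against an in-memory SQLite stand-in for the demo's MySQL users table, why a string-built query accepts the payload while a parameterized query does not. The query shape and the sample rows are assumptions about the demo app.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Copy of the URL from the curl request above (the two parameters are URL-encoded).
DEMO_URL = "http://localhost:8000/mysql/mysql_execute?email=admin%27+OR+%271%27%3D%271&password=--"


def demo_params(url: str = DEMO_URL) -> dict:
    """Decode the email/password parameters the way a web framework would."""
    qs = parse_qs(urlsplit(url).query)
    return {"email": qs["email"][0], "password": qs["password"][0]}


def _fixture_db() -> sqlite3.Connection:
    # Constructed sample data standing in for the demo app's MySQL users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret'), ('bob', 'hunter2')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, email: str, password: str) -> list:
    # Assumed shape of the demo app's query: user input is pasted into the SQL text,
    # so the decoded email turns the WHERE clause into
    #   email = 'admin' OR '1'='1' AND password = '--'
    sql = f"SELECT email FROM users WHERE email = '{email}' AND password = '{password}'"
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn: sqlite3.Connection, email: str, password: str) -> list:
    # Hardened form: placeholders keep the input as data, never as SQL syntax.
    # (PyMySQL and mysql-connector use %s placeholders instead of ?.)
    sql = "SELECT email FROM users WHERE email = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (email, password))]


def run_demo() -> tuple:
    """Return (rows from the vulnerable query, rows from the parameterized query)."""
    p = demo_params()
    conn = _fixture_db()
    return (login_vulnerable(conn, p["email"], p["password"]),
            login_parameterized(conn, p["email"], p["password"]))


if __name__ == "__main__":
    print(run_demo())  # (['admin'], [])
```

The vulnerable query logs the attacker in as admin without a valid password; the parameterized one returns no rows, which is the behaviour the agent is enforcing at runtime for applications that have not yet been fixed.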
What Next?
If you are interested in looking at the various genres of attacks prevented by the K2 Platform, check out the page below.
Run Demo Exploits