Protect Java Application

Instructions to protect Java application with K2 Platform.

Overview

In this section, we outline the steps for protecting your first Java application with the K2 Platform.

Prerequisites

Please check our support matrix for Java Language Agent.

Language	Frameworks	DBs	Attack Coverage	Deployments
JAVA 8 and above	Tomcat Jetty IBM WebSphere Traditional IBM WebSphere Liberty Weblogic JBoss Adobe Experience Manager(AEM)	MySql PostgreSQL Oracle MongoDB HSQL	SQLI NOSQLI RCE PATH TRAVERSAL FILE INTEGRITY SSRF FILE UPLOAD STORED XSS REFLECTED XSS LDAP XPATH UNTRUSTED DESERIALSATION RCI	Host Mode Container Mode EKS ECS

Steps

Step 1 : K2 Portal and Account Creation

We need to make sure In order to use K2 Platform You need to create an account on K2 Portal.

K2 Portal can be used as SaaS model or you can deploy entire portal on your On-Premises.

K2 SaaS(Recommended)

K2 Platform is offered as SaaS software and can be used directly visiting SaaS portal i.e. https://k2io.net or if you are an AWS customer then you can buy subscription to K2 SaaS portal on AWS Marketplace.

For more details checkout our page

K2 Portal As SaaS

K2 On-Premises

At this point you have successfully created an account with K2 Portal

Step 2 : K2 Agents Installation

Install K2 Agent in your environment to perform CVE Scan and Vulnerability Detection in your applications.

Choose the environment from tabs below and follow the instructions for agent installation.

Node/VM/EC2

Checkout our K2 Agents Installation Page for Node/VM/EC2

Node/VM/EC2

Kubernetes

AWS ECS

AWS Fargate

Windows

Step 3 : Protect Java Web Application

‌To protect your Java web applications and APIs, your application must be started with K2's Java Language Agent.

Please choose your environment and go through K2's Java language agent installation from below tabs and follow instructions

Node/VM/EC2

Checkout our Java Language Agent Installation Page for Node/VM/EC2

Node/VM/EC2

Kubernetes

AWS ECS/EKS/Fargate

Step 4 : Attacking and Preventing first Attack

For demonstration purposes we are creating a docker container with non secure application and running it with our already downloaded K2 Java language agent.

docker run --rm -v /opt/k2-ic:/opt/k2-ic -itd -p 8091:8080 -e OPTS="-javaagent:/opt/k2-ic/K2-JavaAgent-1.0.0-jar-with-dependencies.jar" --name test-sql-injection k2cyber/ic-test-application:sql-injection;

‌SQL Injection Attack

curl 'http://localhost:8080/sqlinjectiondemo-1/UserInformation' -H 'Accept: application/json, text/javascript, */*; q=0.01' -H 'Referer: http://localhost:8080/sqlinjectiondemo-1/' -H 'Origin: http://localhost:8080' -H 'X-Requested-With: XMLHttpRequest' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' --data $'userName=1\'+OR+\'1\'+%23&userPass=&protection=without&dummyData=whatever' --compressed

Now you can go to Attacks section in K2 Manager and see there will be one attack captured by K2 Manager or Alternatively go to Attacks | K2 Portal.

Congratulations you've successfully prevented SQL injection attack.

What Next ?

if you are interested in looking at various genres of attacks prevented by K2 platform, Checkout below page

Run Demo Exploits