Instructions to protect Node.js application with K2 Platform.
Overview
In this section, we outline the steps for protecting your first Node.Js application with the K2 Platform.
Prerequisites
Please check our Node.js support matrix
Language
Frameworks
DBs
Third Party Module support
Attack Coverage
Deployments
Node version 8 to 12 (LTS versions)
Express 4.x
Koa 2.x
Hapi 17.x, 18.x, 19.x
Mysql
PostgreSQL
Oracle
MongoDB
BlueBird3.x
Sequelize Mongoose
MongoDb-core Generic-pool Multer
SQLI
NOSQLI
RCE
PATH TRAVERSAL
FILE INTEGRITY
SSRF
FILE UPLOAD
STORED XSS
REFLECTED XSS,
LDAP
XPATH
UNTRUSTED DESERIALSATION
RCI
Host Mode
Container Mode
EKS
ECS
K2 doesn't guarantee support for old or deprecated versions of third-party modules.
If you run the agent on frameworks that aren't supported, K2 Node Agent may produce less-specific findings than it would for supported frameworks.
Steps
Step 1 : K2 Portal
We need to make sure we are using K2 platform in either SaaS model or On-Premises installed.
K2 Portal can be used as SaaS model or you can deploy entire portal on your On-Premises.
K2 Platform is offered as SaaS software and can be used directly visiting SaaS portal i.e. https://k2io.net or if you are an AWS customer then you can buy subscription to K2 SaaS portal on AWS Marketplace.
K2 Platform is also offered as On-Premises based solution and can be deployed directory on your local infrastructure or if you are an AWS customer then you can subscribe to K2Cloud AMI and deploy K2 On-Premises portal on AWS.
For demonstration purposes we are creating a docker container with non secure application and running it with our already downloaded K2 Node.Js language agent.
SQL Injection Attack
Now you can go to Attacks section in K2 Manager and see there will be one attack captured by K2 Manager or Alternatively go to Attacks | K2 Portal..
Congratulations you've successfully prevented a SQL injection attack.
What Next ?
if you are interested in looking at various genres of attacks prevented by K2 platform, Checkout below page
