Protect Ruby Application

Instructions to protect Ruby application with K2 Platform

Overview

In this section, we outline the steps for protecting your first Ruby application with the K2 Platform.

Prerequisites

Language	Application Server	Frameworks	DBs	Attack Coverage	Deployments	Ruby Interpreter
Ruby 2.6	Puma Passenger Unicorn Webrick	Rails version 6.0 Sinatra	SQLite 3 Mysql2 Mongo PostgreSQL Amazon Aurora (MySQL) Amazon Aurora (Postgres SQL)	RCE SQL Injection File Access File Integrity SSRF Xpath LDAP RCI RXSS Stored XSS NoSqli (for Mongo only)	Host Mode Container Mode EKS ECS	MRI

Steps

Step 1 : K2 Portal and Account Creation

We need to make sure In order to use K2 Platform You need to create an account on K2 Portal.

K2 Portal can be used as SaaS model or you can deploy entire portal on your On-Premises.

K2 SaaS(Recommended)

K2 Platform is offered as SaaS software and can be used directly visiting SaaS portal i.e. https://k2io.net or if you are an AWS customer then you can buy subscription to K2 SaaS portal on AWS Marketplace.

K2 Portal As SaaS

K2 On-Premises

At this point you have successfully created an account with K2 Portal

Step 2 : K2 Agents Installation

Install K2 Agent in your environment to perform CVE Scan and Vulnerability Detection in your applications.

Choose the environment from tabs below and follow the instructions for agent installation.

Node/VM/EC2

Checkout our K2 Agents Installation Page for Node/VM/EC2

Node/VM/EC2

Kubernetes

AWS ECS/Fargate

AWS EKS

Windows

Step 3 : Protect Ruby Web Application

‌To protect your Ruby web applications and APIs, your application must be started with K2's Ruby Language Agent.

Please choose your environment and go through K2's Ruby language agent installation from below tabs and follow instructions

Node/VM/EC2

Checkout our Ruby Language Agent Installation Page for Node/VM/EC2

Node/VM/EC2

Kubernetes

AWS ECS/EKS/Fargate

Step 4 : Attacking and Preventing first Attack

For demonstration purposes we are creating a docker container with vulnerable application and running it with our already downloaded K2 Ruby language agent.

docker run -v /opt/k2-ic:/opt/k2-ic -e K2_OPTS="/opt/k2-ic/k2-ruby-agent.gem" -itd -p 3000:3000 --name demo-app k2cyber/ic-test-application:ruby-demo

‌SQL Injection Attack

curl 'http://localhost:3000/sqli-attackcase?input=abc%27+or+%271%27%3D%271' -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1' -H 'DNT: 1' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' -H 'Referer: http://localhost:3000/sqli/sqlinjectionattackcase' -H 'Accept-Language: en-US,en;q=0.9,hi;q=0.8' --compressed --insecure

Now you can go to Attacks section in K2 Manager and see there will be one attack captured by K2 Manager or Alternatively go to Attacks | K2 Portal.

Congratulations you've successfully prevented SQL injection attack.

What Next ?

if you are interested in looking at various genres of attacks prevented by K2 platform, Checkout below page

Run Demo Exploits