Exploit Detection

K2 finds exploitable vulnerabilities in applications by leveraging their normal use cases. A proof of exploit and location of the exploit are provided.

Exploit Detection with K2 Platform

In this section, we outline the steps for exploit detection using the K2 Platform.

Step 1 : K2 Portal and Account Creation

To use the K2 Platform, you need to create an account on the K2 Portal.

The K2 Portal can be used as a SaaS offering, or you can deploy the entire portal on-premises.

At this point you have successfully created an account with the K2 Portal.

Step 2 : K2 Agents Installation

Install the K2 Agent in your environment to perform CVE scanning and vulnerability detection in your applications.

Choose your environment from the tabs below and follow the instructions for agent installation.

If you have enabled exploit detection/dynamic scanning on the K2 Portal, we recommend selecting IAST as your environment and downloading the installer/YAML files.

Check out our K2 Agents Installation page for Node/VM/EC2.

Node/VM/EC2

Step 3 : Protect Web Applications and APIs

To protect your web applications and APIs, your application must be started with K2's Language Agent.

Choose your platform from the tabs below and follow the instructions for installing K2's language agent.

Check out our Java Language Agent Installation page.

Java

Step 4 : Enable Dynamic Scanning

Step 1 : To enable dynamic scanning, you have to install the agents in IAST mode and enable dynamic scanning.

Confirm from the protected applications that you are using the IAST group.

Step 2 : Log in to the K2 Portal to confirm whether dynamic scanning is enabled.

To enable dynamic scanning, which will eventually help us detect exploits automatically, go to the Policy tab and then the Web Applications sub-page.

Click Edit/Show policy on the right side of your preferred policy.

Go to Agent Policy.

Enable Dynamic Scanning and set its sub-properties as per your requirements.

Step 5 : Check Results

Detected exploits can be found on the Exploitables page under the Vulnerabilities view.

How to find an application and check a vulnerability.

Exploitables

Here is a short video explaining all the steps

What Next?

Learn how the K2HackBot tool can find hidden exploitable vulnerabilities in your application.

K2HackBot

Learn about building test cases for exploit detection with K2 Platform.

Run Demo Exploits
