search

Exploit Detection

K2 finds exploitable vulnerabilities in applications by leveraging their normal use cases. A proof of exploit and location of the exploit are provided.

hashtag
Exploit Detection with K2 Platform

In this section, we outline the steps for exploit detection using the K2 Platform.

hashtag
Step 1 : K2 Portal and Account Creation

In order to use K2 Platform You need to create an account on K2 Portal.

K2 Portal can be used as SaaS model or you can deploy entire portal on your On-Premises.

K2 Platform is offered as SaaS software and can be used directly visiting SaaS portal i.e. https://k2io.net or if you are an AWS customer then you can buy subscription to K2 SaaS portal on AWS Marketplace.

For more details checkout our page

K2 Portal As SaaSchevron-right
circle-info

At this point you have successfully created an account with K2 Portal

hashtag
Step 2 : K2 Agents Installation

Install K2 Agent in your environment to perform CVE Scan and Vulnerability Detection in your applications.

Choose the environment from tabs below and follow the instructions for agent installation.

circle-info

We recommend to select IAST as your environment and download Installer/Yaml files if you have enabled exploit detection/dynamic scanning on K2 Portal.

Checkout our K2 Agents Installation Page for Node/VM/EC2

Node/VM/EC2chevron-right

hashtag
Step 3 : Protect Web Applications and APIs

‌To protect your web applications and APIs, your application must be started with K2's Language Agent.

Please choose your platform and go through K2's language agent installation from below tabs and follow instructions

Checkout our Java Language Agent Installation Page

Javachevron-right

hashtag
Step 4 : Enable Dynamic Scanning

Step 1 : In order to enable dynamic scanning, You have to install Agents in IAST mode and enable dynamic scanning.

Confirm from protected applications that you are using IAST group.

Step 2 : Login to K2 portalarrow-up-right to confirm if dynamic scanning is enabled or not.

To enable Enable dynamic scanning which will help us eventually detect exploits automatically, Go to Policy arrow-up-rightTab and subsequently Web Applications sub page.

Click on Edit/Show policy at the right side on your preferred policy.

Go to Agent Policyarrow-up-right

Enable Dynamic Scanning and set sub properties of dynamic scanning as per your requirements.

hashtag
Step 5 : Check Results

Detected exploits can be found in exploitable page under Vulnerabilities view.

How to find application and check vulnerability.

Exploitablesarrow-up-right

Here is a short video explaining all the steps

hashtag
What Next ?

Learn about how K2HackBot tool can find hidden exploitable vulnerabilities in your application.

K2HackBotchevron-right

Learn about building test cases for exploit detection with K2 Platform.

Run Demo Exploitschevron-right
PreviousVulnerability DetectionNextK2HackBot

Last updated

Was this helpful?