Overview

Organizations are under constant pressure to deliver applications from development to production as quickly as possible. The prioritizing of speed over security has led to an increase in the number of vulnerabilities found in released code, resulting in costly attacks on web applications.

K2 offers a revolutionary approach to the detection of attacks and vulnerabilities, including the OWASP Top 10. K2’s Security Platform is based on a unique, patent-pending technology called Optimized Control Flow Integrity (OCFI).
OCFI uses a deterministic approach to security; its innovative design approach creates a unique map or DNA for each application, allowing K2’s Security Platform to verify that the function and API calls are operating the way the code was written and intended. Zero day exploits and other vulnerabilities are immediately identified as a deviation to the code’s correct execution. K2’s technology has 8 patents granted/pending.

K2’s Security Platform can be used during DAST/penetration testing to improve vulnerability detection and has a second use case, where K2 is deployed on production servers for runtime protection of applications.

Current penetration tools create too many false positives and provide limited information on vulnerabilities, making finding and fixing vulnerabilities time consuming and laborious. When K2 discovers a vulnerability, such as SQL injection, XSS, Remote Code Injection, and others, it provides complete visibility including the exploit payload, the line of code, and the file name that contains the vulnerability. This level of granularity enables developers to start the remediation process quickly. K2 can also be used to locate false positives from DAST testing and to find additional missed vulnerabilities during testing. In recent customer testing, K2 identified 50% more vulnerabilities than with standard testing tools alone.

K2’s Security Platform is easy to install and can be deployed in the cloud, on premise or in hybrid environments.