April 12, 2021 Timothy Chiu, VP of Marketing
Enhancing Web Application Scanner Results

With the movement to increase security testing during development, also known as “Shift Left”, Dynamic Application Security Testing (DAST) is one of the tools organizations use to improve their detection rate of vulnerabilities in custom web applications and application workloads. The goal of DAST is to reduce the number of vulnerabilities that make it to production. Tenable.io’s Web Application Scanner (WAS) is one of the leading DAST tools available today, and provides a way to black-box test your web applications by launching attacks against them and watching the responses for signs of a vulnerability.

Tenable is one of K2’s technology partners, and K2’s vulnerability detection can enhance the results generated by a WAS test. K2’s Security Platform is a complementary addition to WAS that offers three significant benefits over a standalone WAS scan.

Benefits of K2 with WAS

  • Detect vulnerabilities missed by Tenable.io’s WAS
  • For all detected vulnerabilities (by K2 and Tenable), provide additional telemetry to enable developers to remediate quickly, including proof of exploitability
  • Help identify possible false positives from WAS

No Change to the WAS Testing Environment

With K2, there’s no change to the existing WAS test or its environment. K2’s agent runs on the application server under test and uses standard application instrumentation, like that used for Application Performance Monitoring (APM). By running on the application server and instrumenting the running code, K2 gets visibility into the running application that WAS lacks.

How K2 Improves Application Security

K2’s solution sits on the same server as the application under test and has visibility into the execution of the code as it runs in memory. WAS tests from outside the application, at the network edge, and can only infer what happened from the HTTP responses it gets back; by residing on the server, K2 sees what the code actually did.

With this additional visibility K2 can see vulnerabilities being triggered in code even when the responses returned to Tenable.io WAS do not indicate a vulnerability, as happens with blind injection or with a handler that answers identically regardless of input. In our testing with customers we typically find additional significant vulnerabilities that would have made it to production without K2 in the testing environment.

For vulnerabilities discovered by WAS, K2 adds significant telemetry to the details Tenable.io reports, including the exact location of the vulnerability down to the filename and line of code where it resides. K2 also provides proof of exploitability and a stack trace, so the developer can remediate the vulnerability quickly.

K2 can also help identify false positives generated by Tenable.io’s WAS scan. Because K2 resides on the application server and has this additional visibility, its agent can see that no vulnerability was triggered when Tenable.io believes there to be one: the scanner’s payload never reached a sensitive operation in a way that changed its behavior. Findings in this category can be treated as probable false positives and deprioritized, reducing the time developers spend researching them.
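The three points above (seeing a sink hit that the HTTP response hides, reporting the file, line and stack of the code that built the query, and showing that a scanner payload reached the database only as a harmless bound parameter) are easiest to understand with a toy in-process agent. The following is an added, constructed example and is not K2’s or Tenable’s code: the `SqlSinkMonitor` wrapper, the two request handlers, the SQLite schema and the scanner probe `PAYLOAD` are all hypothetical, and the substring taint check stands in for the real taint propagation an IAST agent performs.

```python
"""Constructed illustration of instrumentation-based (IAST-style) detection.
Not K2's or Tenable's code: the agent, handlers and payload below are hypothetical."""
import sqlite3
import traceback
from dataclasses import dataclass

# Characters that let untrusted input change the structure of a query string.
SQL_METACHARS = ("'", '"', ";", "--", "/*")

# Constructed scanner probe: still valid SQL once concatenated, so no error is raised.
PAYLOAD = "' OR '1'='1"


@dataclass
class Finding:
    """What an in-process agent can report that a black-box scanner cannot."""
    sink: str
    payload: str
    sql: str
    filename: str
    lineno: int
    function: str
    stack: str


class SqlSinkMonitor:
    """Hypothetical agent: wraps a DB-API connection so every execute() is
    inspected for untrusted request values concatenated into the SQL text."""

    _OWN_FRAMES = {"execute", "_inspect", "_app_frame"}

    def __init__(self, conn):
        self._conn = conn
        self._tainted = []
        self.findings = []

    def begin_request(self, params):
        # Every string the request carried is treated as untrusted (tainted).
        self._tainted = [v for v in params.values() if isinstance(v, str) and v]

    def execute(self, sql, parameters=()):
        self._inspect(sql)
        return self._conn.execute(sql, parameters)

    def _inspect(self, sql):
        for value in self._tainted:
            # Substring match is a simplification of real taint tracking: a tainted
            # value inside the SQL text that carries metacharacters means the input
            # altered query structure, whatever the HTTP response looked like.
            if value in sql and any(m in value for m in SQL_METACHARS):
                frame = self._app_frame()
                self.findings.append(Finding(
                    sink="sqlite3.Connection.execute", payload=value, sql=sql,
                    filename=frame.filename, lineno=frame.lineno, function=frame.name,
                    stack="".join(traceback.format_stack(limit=8))))

    def _app_frame(self):
        # Walk outward from the sink and return the first frame that is not the
        # monitor's own: the application code that built the query.
        for fs in reversed(traceback.extract_stack()):
            if fs.name not in self._OWN_FRAMES:
                return fs


def build_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def password_reset(db, params):
    """Vulnerable handler: concatenates the username into the query and answers
    identically whether or not the account exists, so a scanner sees nothing."""
    db.begin_request(params)
    db.execute("SELECT id FROM users WHERE name = '" + params.get("user", "") + "'")
    return {"status": 200, "body": "If the account exists, a reset link has been sent."}


def account_lookup(db, params):
    """Safe handler: the same input reaches the database only as a bound parameter."""
    db.begin_request(params)
    rows = db.execute("SELECT id FROM users WHERE name = ?",
                      (params.get("user", ""),)).fetchall()
    return {"status": 200, "body": f"{len(rows)} account(s) found"}


def run_demo():
    db = SqlSinkMonitor(build_demo_db())
    baseline = password_reset(db, {"user": "alice"})
    probed = password_reset(db, {"user": PAYLOAD})
    first = db.findings[0] if db.findings else None
    hits_before = len(db.findings)
    account_lookup(db, {"user": PAYLOAD})
    return {
        "dast_sees_difference": baseline != probed,      # False: the scanner is blind here
        "vulnerable_handler_findings": hits_before,       # 1: the agent saw the sink hit
        "finding_function": first.function if first else None,
        "finding_lineno": first.lineno if first else 0,
        "safe_handler_findings": len(db.findings) - hits_before,  # 0: a scanner hit here would be a false positive
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Running it shows the two responses from `password_reset` are byte-for-byte identical, so a response-diffing scanner learns nothing, while the wrapped `execute()` records the probe, the concatenated SQL, and the function and line that built it. The same probe sent to `account_lookup` produces no finding because the value never appears in the query text, which is exactly the evidence needed to downgrade a scanner alert on that endpoint.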

To improve how you test your applications, include K2 Cyber Security in your web application scanning and get results your developers can act on.

Find out more about K2 today by requesting a demo, or get your free trial.




K2 Cyber Security delivers the Next Generation Application Security Platform to secure web applications and container workloads against sophisticated attacks in OWASP Top 10 and provides exploitable vulnerability detection during pre-production. K2’s Platform is deployed on production servers for runtime protection of applications and on pen-testing/pre-production/QA servers for interactive application security testing to identify the location of the vulnerable code. K2’s solution generates almost no false positives, eliminates breaches due to zero-day attacks, detects attacks missed by traditional security tools like Web Application Firewalls and host based EDR, finds missed exploitable vulnerabilities and dramatically reduces security cost. K2 Cyber Security is headquartered in the USA and provides cyber security solutions globally.


K2 Cyber Security, Inc.

2580 N. First Street, #130

San Jose, CA 95131