


May 11, 2020 By Timothy Chiu, VP of Marketing
Nearly a Million WordPress Sites Targeted in Attacks

Wordfence analysts reported that around 20 million attacks targeted over 900,000 WordPress sites on May 3, 2020. Most of the attacks were reported to be Cross-Site Scripting (XSS) attempts aimed at vulnerabilities in some older and less popular plug-ins found in the WordPress tools.

From a security point of view, it’s interesting that the WordPress attack primarily targeted XSS vulnerabilities. XSS is #7 on the OWASP Top 10 Application Security risks, so you’d think that it’s one of those vulnerabilities that we have control over and can protect applications from new XSS attacks. But a study done by Mozilla showed that 93% of websites had no protection from XSS attacks.

One of the unique characteristics of XSS attacks is that they affect vulnerabilities on both the client and server side. Unfortunately, traditional perimeter security tools like WAFs (Web Application Firewalls) require a lot of tuning to make them effective at protecting applications, and companies don’t typically have the security resources required to do an adequate job.

So, what can you do to make yourself safe from attacks?

Wordfence analysts recommended keeping your site’s plugins and themes up to date with the latest releases (that have patches for known vulnerabilities). While that helps with protection for known vulnerabilities, it doesn’t protect organizations from true zero day vulnerabilities and attacks. Organizations need to take application security seriously, starting with protection for well-known problems like the OWASP Top 10 and protection for zero day attacks. We have to stop the problem when an attack first starts, not after we find the web site or application has been compromised.

K2’s runtime deterministic application security platform monitors the application and has a deep understanding of the application’s control flows, DNA and execution. By validating the application’s control flows, deterministic security is based on the application itself, rather than relying on past attacks to determine a zero day attack. Deterministic security results in the detection of sophisticated zero day attacks and also protects the application from the risks listed in the OWASP Top Ten.

K2’s Next Generation Application Workload Protection Platform addresses today’s need for runtime security in an easy-to-use, easy-to-deploy solution. K2’s unique deterministic security detects new attacks without the need to rely on past attack knowledge, is lightweight, and adds under a millisecond of latency to the running application. To aid in quick remediation of vulnerabilities, K2 also provides detailed attack telemetry, including the code module and line number in the code being attacked, while at the same time integrating with leading firewalls to do real-time attacker blocking.

Change how you protect your applications.

Find out more about K2 today by requesting a demo, or get your free trial.





K2 Cyber Security delivers the Next Generation Application Security Platform to secure web applications and container workloads against sophisticated attacks in OWASP Top 10 and provides exploitable vulnerability detection during pre-production. K2’s Platform is deployed on production servers for runtime protection of applications and on pen-testing/pre-production/QA servers for interactive application security testing to identify the location of the vulnerable code. K2’s solution generates almost no false positives, eliminates breaches due to zero-day attacks, detects attacks missed by traditional security tools like Web Application Firewalls and host based EDR, finds missed exploitable vulnerabilities and dramatically reduces security cost. K2 Cyber Security is headquartered in the USA and provides cyber security solutions globally.

