We’re excited to share a new tool that we’ve developed here at Ksense Tech.
Introducing the Knack Vulnerability Check – An easy way for non-coders to audit their Knack application.
Give it a try here:
What is the Knack Vulnerability Check?
This tool is designed to identify exposed API keys in your Knack applications. It’s simple to use – just paste the URL of your live Knack application (note: Builder URLs are not supported) into the tool, and it scans for vulnerabilities.
Why Did We Create This Tool?
In our recent projects, we’ve noticed a troubling trend: many Knack applications we acquire already have code containing vulnerabilities. This is particularly concerning for clients who may not have the technical expertise to audit their applications for security risks. That’s why we created this script. It checks your application’s code for vulnerabilities and alerts you to any issues found.
The Risk of Exposed API Keys
An exposed API key is a serious vulnerability. If a key is visible in your code, anyone – without even logging into your application – can access, modify, or even delete your data. It’s a risk no one should have to take.
Open Source and a Call to Action
Our tool is open source and available here. We strongly urge Knack to consider integrating a form of this tool into the Knack builder.
How does the Knack Vulnerability Check work?
What about data privacy and security?
Your privacy is paramount. Our tool operates on a strict no-data-retention policy. Because the tool is open source, you can review our code to confirm that we don’t store any data about your application or its vulnerability status.
What motivated the development of this tool?
In just this month, we’ve encountered three Knack projects compromised by previous developers. Recognizing the challenge for those without coding expertise to ensure app safety, we developed this tool. It’s not just a safety net for your data, but also a step towards urging Knack to integrate such security measures natively.
Cost and Accessibility of the Tool
The tool is entirely free and open source. You’re welcome to explore the code to understand its workings. This transparency is part of our commitment to user trust and security.
Recommended Usage Frequency
Scope of Vulnerability Detection
Currently, our tool only detects exposed Knack API keys – the most frequently encountered vulnerability. It does not check for other types of vulnerabilities at this time.
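For readers who want to audit their own custom JavaScript for this one issue, here is an added example of such a check. It is not the Ksense tool's code. It assumes that object-based Knack REST calls send the secret in the X-Knack-REST-API-Key header and that view-based calls send the placeholder value "knack" there; the function names and the sample code are constructed for illustration.

```javascript
// Added example: audit your own custom JavaScript for hard-coded Knack keys.
// Assumption: object-based requests carry the secret in X-Knack-REST-API-Key;
// view-based requests send the placeholder value "knack" in that header.
const HEADER_USE =
  /['"]X-Knack-REST-API-Key['"]\s*[:,]\s*(?:(['"`])([^'"`]*)\1|([A-Za-z_$][\w$.]*))/gi;
const ASSIGNMENT = /(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=\s*(['"`])([^'"`]*)\2/g;

// Keep only a short prefix so the report itself does not leak the key.
function mask(value) {
  return value.slice(0, 4) + '*'.repeat(Math.max(value.length - 4, 0));
}

function findExposedKnackKeys(source) {
  // Collect simple string constants so `header: API_KEY` can be resolved.
  const constants = new Map();
  for (const m of source.matchAll(ASSIGNMENT)) constants.set(m[1], m[3]);

  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const m of text.matchAll(HEADER_USE)) {
      // m[1] is set for a string literal value, m[3] for an identifier.
      const value = m[1] ? m[2] : constants.get(m[3]);
      if (value === undefined) {
        // Value comes from an expression that cannot be resolved statically.
        findings.push({ line: i + 1, status: 'review', masked: null });
      } else if (value.trim() !== '' && value.trim().toLowerCase() !== 'knack') {
        findings.push({ line: i + 1, status: 'exposed', masked: mask(value.trim()) });
      }
    }
  });
  return findings;
}

// Constructed sample of custom code; both key values are made up.
const SAMPLE = [
  "const API_KEY = 'a1b2c3d4-0000-0000-0000-constructed0';",
  "$.ajax({ url: objectUrl, headers: {",
  "  'X-Knack-Application-Id': appId,",
  "  'X-Knack-REST-API-Key': API_KEY } });",
  "$.ajax({ url: viewUrl, headers: {",
  "  'X-Knack-REST-API-Key': 'knack',",
  "  'Authorization': userToken } });",
  "xhr.setRequestHeader('X-Knack-REST-API-Key', 'ffff9999-constructed');",
].join('\n');

console.log(findExposedKnackKeys(SAMPLE));
```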
Impact on Application Performance
Efficiency is key. Our tool operates externally, meaning it has no impact on your application’s performance. All processing is handled on our dedicated server. You’re also welcome to self-host the tool if you would like.
Compatibility with Knack Applications
The tool is tailored for standard Knack applications hosted on Knack’s servers. It is not compatible with self-hosted or custom-domain Knack applications.
Does the Knack Vulnerability Check inspect injected or lazy-loaded code?
We believe this tool is a step towards more secure Knack applications, and we encourage all Knack users to give it a try. Protect your data, protect your application, and maintain the trust of your users.
Ksense Technology Group