OWASP Kubernetes Security Testing Guide
Our Vision
“Create a comprehensive manual for Kubernetes Cluster Security Assessment”
We are creating a comprehensive testing guide for Kubernetes cluster security assessment that takes a top-down approach to assessing the security of a cluster. The guide includes the methodology, tools, techniques and procedures (TTP) needed to execute an assessment, enabling a tester to deliver consistent and complete results.
Deliverables
Kubernetes Security Testing Guide (KSTG)
The KSTG aims to be a comprehensive manual for Kubernetes security analysts and red teamers. It is intended to help DevSecOps teams understand attacker TTPs and design effective countermeasures. The KSTG is proposed to have the following high-level structure:
- Introduction to Kubernetes Architecture and its Components
- Kubernetes Cluster Threat Model
- Container Security Assessment
- Cluster Discovery and Recon
- Cluster Security Assessment
- Auditing against CIS Benchmarks
Kubernetes Security Testing Checklist
A checklist will be created based on the KSTG. This checklist is meant to be used as a reference by security testers during engagements.
Kubernetes Security Testing Tools
TBD
Project Roadmap
TBD
Community Meeting
- Slack - TBD
- Mailing list - TBD
Source Code
- https://github.com/OWASP/www-project-kubernetes-security-testing-guide
How to contribute
TBD