A Pentester’s Approach to Kubernetes Security — Part 2
Part 2 of Appsecco's Kubernetes pentest series, focusing on overprivileged RBAC, cloud IAM to Kubernetes mappings, and how attackers escape from cluster to cloud.
Container orchestration expands the attack surface. We test K8s clusters the way real attackers approach them — from RBAC to pod escapes.
4 articles
A practical rundown of the most common Kubernetes misconfigurations found during real pentests, covering network policy gaps, exposed API proxies, and service account privilege issues.
A transparent pentest post-mortem: how Appsecco attacked a well-architected AWS EKS product, what attack paths were tried, and which security design decisions stopped them cold.
Slides, video, and Q&A from an OWASP Bay Area webinar on attacking Kubernetes clusters, with live demonstrations on a GKE cluster covering namespace breakouts and host path exploits.