Penetration Testing Best Practices
Some interesting insights on how to get the most of your pentest: from selecting the right vendor to proper project management.
Container security audit
While containers dramatically optimise deployment speed and scalability, they also open new attack vectors due to configuration complexity. We will carefully inspect your containerisation setup to ensure it is secure and up to standard.
Get A QUOTE
Container platform security audit
Every container has many components that can pose security risks and vulnerabilities.
Cluster setup
Correctness of configuration, testing access to kubectl, RBAC, Network
policy, etc.
Security hygiene
Updates, minimal OS, IAM roles, monitoring, audit logging, verifying deployed binaries, etc.
Known attacks
Disabling default tokens and dashboards, scanning images for known vulnerabilities, etc.
Impact of microservice compromise
Security policies, secret protection, sandboxing, authentication and encryption, etc.
Containerisation technologies
No matter what platform you use, it’s vital to secure your cloud and container workloads. Our security check expertise covers containerization platforms like:
Kubernetes
OpenShift
Our process:
At the beginning of the project, we will collect all the input and agree on the scope of the audit/pentest.
We keep clients informed in course of the project, providing regular status updates and immediate notifications for critical findings.
1
A kick-off meeting to agree on the scope, inputs and communication
2
Cloud pentest (1-3 weeks, depending on the scope)
3
The final report that highlights the identified container security issues
Our methodology
We employ a combination of well-recognised cloud security guidelines, automated tools and manual verifications.
Guidelines:
- CIS Benchmarks
- NIST Application Container Security Guide
- NSA Kubernetes Hardening Guidance
- … and others
Tools
- Inspection tools for containers based on CIS benchmarks
- Various open source tooling used where applicable
All outputs of the tools are being triaged with false positives being removed by security experts.
Check how our container security audit report looks like
Please contact us, and we will send you a sample report of the container security audit.
Related materials
What is Shift Left Security? Comprehensive guide
Basics of the trendy shift-left security approach and specifically focusing on one extremely useful practise – threat modeling.
Contacts
Please tell us what are you looking for and we will happily support you in that.
Feel free to use our contact form or contact us directly.