Application Vulnerability

The "code security" layer is the code of the application being deployed into the cluster. Fundamentally, this is not really a Kubernetes-specific attack path. Attacking this layer generally means performing a web application penetration test against an application hosted in a Kubernetes cluster. At this layer, you're looking to identify any web application vulnerability that will allow you to get a shell within the application (or possibly SSRF).

Typically, initial access into a Kubernetes cluster from an external perspective relies on some sort of injection attack that allows an attacker to get a foothold. Getting a shell in a web application running in a Kubernetes cluster will drop you inside the Pod running the container the application is hosted in.

Defending

All of the standard application security best practices should be followed to ensure your applications are not vulnerable to these exploits in the first place. This field is generally referred to as application security. At a very high level, ensure that applications are not vulnerable to the common attacks outlined in the OWASP Top 10.

  1. Pre-commit security
    • Perform continuous threat-modeling
    • Enforce peer code reviews
    • IDE security plugins
    • Pre-commit hooks
  2. Commit Security
    • Perform static application security testing (SAST)
    • Perform security unit testing
    • Understand supply chain/dependency risks
  3. Pre-Production
    • Perform web application security testing
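
A security unit test of the kind listed under Commit Security, as an added example that is not from the original page: a hypothetical helper `build_ping_argv` validates a user-supplied host before it reaches a subprocess, and the test asserts that constructed injection strings are refused. All function names and sample inputs are assumptions made for illustration.

```python
import ipaddress
import re

# Vulnerable pattern this replaces (host reaches a shell unchecked):
#   subprocess.run(f"ping -c 1 {host}", shell=True)

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_valid_host(host):
    """Allow-list check: accept only an IP literal or a plain DNS hostname."""
    if not host or len(host) > 253:
        return False
    try:
        ipaddress.ip_address(host)
        return "%" not in host  # refuse IPv6 zone ids, which can carry arbitrary text
    except ValueError:
        pass
    # fullmatch, not match with '$': '$' would tolerate a trailing newline
    return all(_LABEL.fullmatch(label) for label in host.split("."))

def build_ping_argv(host):
    """Hypothetical helper: return an argv list for subprocess.run(argv), no shell."""
    if not is_valid_host(host):
        raise ValueError("rejected host value")
    return ["ping", "-c", "1", host]

# Constructed test inputs (not taken from the page).
HOSTILE = ["127.0.0.1; id", "127.0.0.1 && id", "$(id)", "`id`", "a|b",
           "-f",             # option injection: dangerous even without a shell
           "example.com\n",  # trailing newline
           "fe80::1%;id",    # text inside an IPv6 zone id
           ""]
BENIGN = ["127.0.0.1", "::1", "example.com", "svc-1.default.svc.cluster.local"]

def security_test_failures():
    """Return every case where the validator made the wrong decision."""
    failures = []
    for value in HOSTILE:
        try:
            build_ping_argv(value)
            failures.append(("accepted hostile", value))
        except ValueError:
            pass
    for value in BENIGN:
        try:
            build_ping_argv(value)
        except ValueError:
            failures.append(("rejected benign", value))
    return failures

if __name__ == "__main__":
    print(security_test_failures() or "all security tests passed")
```

Run in CI alongside the regular unit tests, a non-empty result from `security_test_failures()` fails the build before the image is ever deployed to the cluster.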