Kubernetes Security Posture
Kubernetes (K8s) is supported in the following environments: Amazon EKS, Azure AKS, Google GKE, and vanilla (self-managed) Kubernetes.
OWASP Kubernetes Top 10
The Panoptica platform secures Kubernetes clusters and maps its findings to the OWASP Kubernetes Top 10. The OWASP Kubernetes Top 10 is aimed at helping security practitioners, system administrators, and software developers prioritize risks in the Kubernetes ecosystem. It is a prioritized list of those risks, backed by data collected from organizations of varying maturity and complexity.
On the Security Findings page of the Panoptica platform, a label on each finding identifies the relevant OWASP Kubernetes Top 10 risk where one applies (the table below lists the label for each risk; K02 and K04 findings carry no label). In addition, Panoptica performs image scanning and active runtime protection to identify known vulnerabilities and malicious activity.
OWASP Kubernetes Top 10 | Panoptica Label | Panoptica Products | Detection Includes |
---|---|---|---|
K01:2022 Insecure Workload Configurations | OWASP K01 | Panoptica Security Posture; Panoptica Attack Path Analysis | Sensitive volume mounts; risky pod and container security contexts; no resource limits; no security controls |
K02:2022 Supply Chain Vulnerabilities | No label | Panoptica Workload Scanning & CVE Management; Panoptica Runtime Protection | Node host scanning; image scanning; malicious activity (runtime protection) |
K03:2022 Overly Permissive RBAC Configurations | OWASP K03 | Panoptica Security Posture; Panoptica Attack Path Analysis | Cluster admins; default groups; cluster-wide role bindings; wildcard permissions; permissive default service accounts; listing secrets; workload creation; escalation and impersonation |
K04:2022 Lack of Centralized Policy Enforcement | No label | Panoptica Compliance Custom Policies | Custom policies |
K05:2022 Inadequate Logging and Monitoring | OWASP K05 | Panoptica Security Posture; Panoptica Attack Path Analysis | Disabled logging |
K06:2022 Broken Authentication Mechanisms | OWASP K06 | Panoptica Security Posture; Panoptica Attack Path Analysis | Client certificate authentication; legacy authorization; cleartext service account tokens |
K08:2022 Secrets Management Failures | OWASP K08 | Panoptica Security Posture; Panoptica Attack Path Analysis | Disabled encryption |
K09:2022 Misconfigured Cluster Components | OWASP K09 | Panoptica Security Posture; Panoptica Attack Path Analysis | Kubernetes dashboard without authentication; public API server |
K10:2022 Outdated and Vulnerable Kubernetes Components | OWASP K10 | Panoptica Security Posture; Panoptica Attack Path Analysis | Unpatched hosts; host scanning |
K07:2022 Missing Network Segmentation Controls does not appear in this mapping.
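As an added example that is not Panoptica's own code, the following Python script implements a handful of the K01 and K03 checks named in the table as offline static checks over Kubernetes objects in their JSON form (the same structure `kubectl get <kind> -o json` returns). The sample Pod, Role and binding objects are constructed for the example, and the sensitive host-path list, check names and hardening criteria are assumptions chosen to illustrate the categories, not Panoptica's rules.

```python
"""Offline checks for two OWASP Kubernetes Top 10 items from the table above:
K01 (insecure workload configuration) and K03 (overly permissive RBAC).
Added example, not Panoptica's scanner. Objects are in their JSON form
(what `kubectl get <kind> -o json` prints), embedded as Python dicts."""

# Assumption: a starting list of node paths whose hostPath mount is
# equivalent to node access. Extend it for your own container runtime.
SENSITIVE_HOST_PATHS = ("/etc", "/proc", "/sys", "/root", "/var/lib/kubelet",
                        "/var/run/docker.sock", "/run/containerd")
DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN", "ALL"}
DEFAULT_GROUPS = {"system:authenticated", "system:unauthenticated",
                  "system:serviceaccounts"}
ESCALATION_VERBS = {"impersonate", "escalate", "bind"}
WORKLOAD_RESOURCES = {"pods", "deployments", "daemonsets", "statefulsets",
                      "replicasets", "jobs", "cronjobs"}


def is_sensitive_hostpath(path):
    """The node root, or any path at or under a sensitive directory."""
    return path == "/" or any(path == p or path.startswith(p + "/")
                              for p in SENSITIVE_HOST_PATHS)


def k01_findings(pod):
    """Return (check, detail) tuples for one Pod object."""
    out, spec, name = [], pod["spec"], pod["metadata"]["name"]
    for vol in spec.get("volumes", []):
        hp = vol.get("hostPath")
        if hp and is_sensitive_hostpath(hp["path"]):
            out.append(("sensitive-volume-mount", f"{name}: hostPath {hp['path']}"))
    for key in ("hostPID", "hostNetwork", "hostIPC"):  # pod shares node namespaces
        if spec.get(key):
            out.append(("risky-pod-security-context", f"{name}: {key}=true"))
    for c in spec.get("containers", []):
        cname, sc = f"{name}/{c['name']}", c.get("securityContext", {})
        if sc.get("privileged"):
            out.append(("risky-container-security-context", f"{cname}: privileged"))
        # The API default for allowPrivilegeEscalation is true when it is unset.
        if sc.get("allowPrivilegeEscalation", True):
            out.append(("risky-container-security-context",
                        f"{cname}: allowPrivilegeEscalation"))
        if set(sc.get("capabilities", {}).get("add", [])) & DANGEROUS_CAPS:
            out.append(("risky-container-security-context", f"{cname}: added caps"))
        limits = c.get("resources", {}).get("limits", {})
        if "cpu" not in limits or "memory" not in limits:
            out.append(("no-resource-limits", cname))
        # Assumption: "no security controls" = none of these hardening settings.
        hardened = (sc.get("runAsNonRoot") or sc.get("readOnlyRootFilesystem")
                    or "ALL" in sc.get("capabilities", {}).get("drop", []))
        if not hardened:
            out.append(("no-security-controls", cname))
    return out


def k03_findings(roles, bindings):
    """Return (check, detail) tuples for Role/ClusterRole and binding objects."""
    out, flagged = [], {"cluster-admin"}  # the built-in cluster-admin is always wide
    for role in roles:
        rname, before = role["metadata"]["name"], len(out)
        for rule in role.get("rules", []):
            verbs, res = set(rule.get("verbs", [])), set(rule.get("resources", []))
            if "*" in verbs or "*" in res or "*" in rule.get("apiGroups", []):
                out.append(("wildcard-permissions", f"{rname}: {sorted(verbs)} on {sorted(res)}"))
            if "secrets" in res and verbs & {"get", "list", "watch"}:
                out.append(("listing-secrets", rname))
            if res & WORKLOAD_RESOURCES and verbs & {"create", "update", "patch"}:
                out.append(("workload-creation", rname))
            if verbs & ESCALATION_VERBS:
                out.append(("escalation-impersonation", f"{rname}: {sorted(verbs & ESCALATION_VERBS)}"))
        if len(out) > before:
            flagged.add(rname)  # only cluster-wide bindings of risky roles are reported
    for b in bindings:
        bname, role, subjects = b["metadata"]["name"], b["roleRef"]["name"], b.get("subjects", [])
        if b["kind"] == "ClusterRoleBinding" and role in flagged:
            out.append(("cluster-wide-role-binding", f"{bname} -> {role}"))
        if role == "cluster-admin":
            out.append(("cluster-admin", f"{bname}: {[s['name'] for s in subjects]}"))
        for s in subjects:
            if s["kind"] == "Group" and s["name"] in DEFAULT_GROUPS:
                out.append(("default-group-binding", f"{bname}: {s['name']}"))
            if s["kind"] == "ServiceAccount" and s["name"] == "default":
                out.append(("permissive-default-service-account",
                            f"{bname}: {s.get('namespace', '?')}/default"))
    return out


# Constructed sample objects for the example (not from any real cluster).
DEBUG_POD = {"metadata": {"name": "debug"}, "spec": {"hostPID": True,
    "volumes": [{"name": "dock", "hostPath": {"path": "/var/run/docker.sock"}}],
    "containers": [{"name": "shell", "image": "busybox",
                    "securityContext": {"privileged": True}}]}}
API_POD = {"metadata": {"name": "api"}, "spec": {"containers": [{
    "name": "api", "image": "api:1.0",
    "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
    "securityContext": {"runAsNonRoot": True, "allowPrivilegeEscalation": False,
                        "readOnlyRootFilesystem": True, "capabilities": {"drop": ["ALL"]}}}]}}
ROLES = [
    {"kind": "ClusterRole", "metadata": {"name": "ops-wide"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "secret-reader", "namespace": "prod"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]}]
BINDINGS = [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-wide-all"},
     "roleRef": {"kind": "ClusterRole", "name": "ops-wide"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "admins"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "alice"}]},
    {"kind": "RoleBinding", "metadata": {"name": "default-sa-secrets", "namespace": "prod"},
     "roleRef": {"kind": "Role", "name": "secret-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "prod"}]}]


def run_sample():
    """Run both checks over the constructed objects and return the findings."""
    return {"K01": k01_findings(DEBUG_POD) + k01_findings(API_POD),
            "K03": k03_findings(ROLES, BINDINGS)}


if __name__ == "__main__":
    for owasp, findings in run_sample().items():
        for check, detail in findings:
            print(f"{owasp} {check}: {detail}")
```

The hardened `api` Pod produces no K01 findings, while the `debug` Pod trips every K01 category in the table. On the RBAC side, note that `cluster-admin` is treated as risky even though it is not among the supplied roles, because it is a built-in ClusterRole; when feeding real `kubectl` output, include the ClusterRole objects so that custom roles with wildcard rules are flagged the same way.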