Riyaz
Co-Founder Kloudle
Securing a K8s cluster is daunting, given the industry-wide capability gap in Kubernetes. Many grapple with hiring true K8s security experts.
With numerous interlinked components in K8s, its attack surface - both internal and external - is huge. Add to this the intricacies of Authentication, RBAC, and Cloud IAM, and clusters can face myriad security issues.
Appsecco’s PTaaS method offers a comprehensive cluster configuration assessment, spotlighting every potential attack point. Drawing from MITRE ATT&CK, PTES, and OWASP frameworks, we enumerate security misconfigurations. Our thorough audit for Cloud IAM and Cluster RBAC authentication and authorization includes reviewing privileges, roles, bindings, tokens, and Cloud IAM-service account correlations.
Our PTaaS report is a straightforward guide for developers and cluster admins. Delivered in various file formats, it furnishes severity-ranked technical data, remediation guidance, and exploit paths, enabling targeted solutions.
Starting with Appsecco is seamless. We price testing by cluster size. We provide scripts that gather the data required to begin testing, and our report offers immediate remedial actions post-testing.
I have been hacking and breaking into systems for over 15 years now. I created the K8s security testing methodology at Appsecco based on the MITRE ATT&CK, PTES and OWASP frameworks. I have led pentesting and product security teams at PwC and Citrix in the past. I have domain expertise in the cloud and container space with multiple certifications like CKA, CKAD and have reported security issues with software all over the Internet.
10.00 - 06.00 PM Workshop
Saturday 22nd Feb
AWS Hacking and Security – From Zero to Hero