Our live presentation on Attacking & Defending Amazon EKS sparked interesting questions and conversations regarding the biggest threats to Amazon EKS (and Kubernetes in general).
A great way to learn about Kubernetes security threats is to turn to resources from OWASP. Let’s take a look.
If you’re not already familiar with OWASP, they’re a nonprofit driven by volunteers, and they’ve been putting out fantastic free resources for years. Their most well known project is the “OWASP Top 10” which lists out the top 10 web application security risks…but not as well known is that they also have an OWASP Top 10 for Kubernetes Risks.
The open source tool that Georgi Vodenitcharov, CISSP demonstrated in our webinar called Kubernetes Goat has learning scenarios that map directly to the top 10 list so that you can learn about the risks and impacts hands-on. You can even do this all for free, since you have the ability to run it locally instead of in the cloud if you want.
Check out our cheat sheet below to see what I mean, and if you’d like to try it out, refer to our live presentation and to the K8s Goat project.
♻️ If you know anyone running Kubernetes or learning about it, help share to make sure they see this! ♻️