DocumentationAPI ReferenceRelease Notes
Documentation
Start typing to search…

Kubernetes Security Posture

Kubernetes (K8S) is supported in the following environments: EKS, AKS, GKE, and vanilla.

OWASP Kubernetes Top 10

Panoptica platform secures Kubernetes clusters and also covers OWASP Kubernetes Top 10. The OWASP Kubernetes Top 10 is aimed at helping security practitioners, system administrators, and software developers prioritize risks around the Kubernetes ecosystem. The Top Ten is a prioritized list of these risks backed by data collected from organizations varying in maturity and complexity.

In the Security Findings page in Panoptica platform, there is a label that specify the relevant OWASP Kubernetes Top 10 risk for the finding. Additionally, Panoptica performs image scanning and active runtime protection to identify known vulnerabilities and malicious activity.

OWASP Kubernetes Top 10

Panoptica Label

Panoptica Products

Detection Includes

K01:2022 Insecure Workload Configurations

OWASP K01

  • Panoptica Security Posture
  • Panoptica Attack Path Analysis
  • Sensitive volumes mounts
  • Risky pod and containers security context
  • No resource limits
  • No security controls

K02:2022 Supply Chain Vulnerabilities

No label

  • Panoptica Workload Scanning & CVE Management
  • Panoptica Runtime Protection
  • Node host scanning
  • Image scanning
  • Malicious activity (runtime protection)

K03:2022 Overly Permissive RBAC Configurations

OWASP K03

  • Panoptica Security Posture
  • Panoptica Attack Path Analysis
  • Cluster admins
  • Default groups
  • Cluster wide role bindings
  • Wildcard permissions
  • Permissive default service accounts
  • Listing secrets
  • Workload creation
  • Escalation and impersonation

K04:2022 Lack of Centralized Policy Enforcement

No label

  • Panoptica Compliance Custom Policies
  • Custom policies

K05:2022 Inadequate Logging and Monitoring

OWASP K05

  • Panoptica Security Posture
  • Panoptica Attack Path Analysis
  • Disabled logging

K06:2022 Broken Authentication Mechanisms

OWASP K06

  • Panoptica Security Posture
  • Panoptica Attack Path Analysis
  • Client certificate authentication
  • Legacy authorization
  • Cleartext service account tokens

K08:2022 Secrets Management Failures

OWASP K08

  • Panoptica Security Posture
  • Panoptica Attack Path Analysis
  • Disabled encryption

K09:2022 Misconfigured Cluster Components

OWASP K09

  • Panoptica Security Posture
  • Panoptica Attack Path Analysis
  • Kubernetes dashboard without authentication
  • Public API server

K10:2022 Outdated and Vulnerable Kubernetes Components

OWASP K10

  • Panoptica Security Posture
  • Panoptica Attack Path Analysis
  • Unpatched hosts
  • Host scanning

Updated 16 days ago