Introducing the OWASP Top Ten for Kubernetes

2022-10-25

Authors: Jimmy Mesta


Summary

The OWASP Top Ten for Kubernetes is a community-curated list of the most common Kubernetes risks, backed by data collected from organizations varying in maturity and complexity. The project aims to help practitioners assess and secure their containerized infrastructure.
  • The OWASP community has published a number of projects to help practitioners assess and secure their containerized infrastructure
  • The OWASP Top Ten for Kubernetes is a community-curated list of the most common Kubernetes risks
  • The project is backed by data collected from organizations varying in maturity and complexity
  • The project aims to help practitioners assess and secure their containerized infrastructure
The speaker founded a company focused on Kubernetes security and has been talking about the topic for a while. The OWASP Top Ten for Kubernetes is a new project that has been on the speaker's back burner for too long. It is appropriate for an OWASP meetup because it is an OWASP project.

Abstract

The Open Web Application Security Project (OWASP) is a nonprofit organization focused on improving software security through community, open source, events, and more. Given the growth and adoption of Kubernetes, a number of projects have been published in the OWASP community to help practitioners assess and secure their containerized infrastructure, including the recently released Top Ten for Kubernetes (https://owasp.org/www-project-kubernetes-top-ten/). This OSS project is a community-curated list of the most common Kubernetes risks, backed by data collected from organizations varying in maturity and complexity. This session will discuss the project in detail, give examples for each of the risks in the list, and explain how to get involved.

Materials: