With the help of tools, the network configuration of unintentionally exposed clusters is tested. To identify clusters, all subdomains might need to be enumerated with a tool like OWASP Amass, so that port scans can be performed based on the result.
Risk: Standard network segmentation and firewalling have not been performed, leaving cluster management ports open to the world.
Cluster-internal tests need to be performed, and fine-grained network segmentation (also between pods in the same namespace) needs to be integrated.
Risk: Wrong or missing network segmentation between pods makes it easier for an attacker to reach a database and extract or modify data.
With the help of tools, the configuration of virtual environments is tested.
Risk: Standard hardening practices for cloud environments are not performed, leading to vulnerabilities.
Components must be whitelisted. Regular scans of the Docker infrastructure (e.g. the cluster) need to be performed to verify that only standardized base images are used.
Risk: Unapproved components are used.
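One way to run such a scan, as an added example that is not part of the original page: audit every container in a cluster's pod list against an allowlist of approved image paths and flag mutable tags. The registry prefixes, the `registry.example.internal` host and the embedded pod list are assumptions constructed for the example.

```python
import json

# Approved image prefixes (assumption: the organisation's standardized base
# images are published under these registry paths).
APPROVED_IMAGE_PREFIXES = (
    "registry.example.internal/base/",
    "registry.example.internal/apps/",
)

# Constructed sample in the shape of `kubectl get pods -A -o json`, trimmed
# to the fields this check needs.
SAMPLE_POD_LIST = json.dumps({"items": [
    {"metadata": {"namespace": "shop", "name": "web-7d9f"},
     "spec": {"containers": [{"name": "web",
              "image": "registry.example.internal/apps/web:1.4.2"}]}},
    {"metadata": {"namespace": "shop", "name": "db-0"},
     "spec": {"containers": [{"name": "postgres", "image": "postgres:latest"}],
              "initContainers": [{"name": "init",
              "image": "registry.example.internal/base/debian:12"}]}},
    {"metadata": {"namespace": "tools", "name": "debug-1"},
     "spec": {"containers": [{"name": "shell",
              "image": "docker.io/library/busybox"}]}},
]})


def find_unapproved_images(pod_list_json, approved_prefixes=APPROVED_IMAGE_PREFIXES):
    """Return one finding per container whose image violates the allowlist.

    Init and ephemeral containers are checked too: they share the pod's network
    and volumes. A mutable tag (none or :latest) is reported even for approved
    images, because it defeats the goal of a reproducible standardized base image.
    """
    findings = []
    for pod in json.loads(pod_list_json)["items"]:
        ns, name, spec = pod["metadata"]["namespace"], pod["metadata"]["name"], pod["spec"]
        containers = (spec.get("containers", []) + spec.get("initContainers", [])
                      + spec.get("ephemeralContainers", []))
        for c in containers:
            image, reasons = c["image"], []
            if not image.startswith(tuple(approved_prefixes)):
                reasons.append("image not from an approved registry path")
            ref = image.rsplit("/", 1)[-1]   # last path segment: name[:tag][@digest]
            if "@sha256:" not in ref and (":" not in ref or ref.endswith(":latest")):
                reasons.append("mutable tag (none or :latest)")
            if reasons:
                findings.append({"pod": f"{ns}/{name}", "container": c["name"],
                                 "image": image, "reason": "; ".join(reasons)})
    return findings
```

In a real scan, feed the function the output of `kubectl get pods -A -o json` instead of the embedded sample.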
Automated brute-force attacks are performed. In particular, testing standard accounts such as 'admin' and employee user IDs is recommended.
Risk: Weak passwords in components such as applications or systems, especially for privileged accounts, lead to takeover of that account.
A load test against the production system or a production-like system is performed.
Risk: As it is unknown how many requests the systems and applications can serve, availability is disrupted by unexpected load.
Testing for unused resources helps to identify resources that are still present but no longer needed.
Risk: Unused resources, especially secrets, might still be valid but expose information. As an attacker, I compromise a system, gather credentials and try to use them.