Kubernetes Penetration Test

FinTech with London and San Francisco Offices

The Client

FinTech based in London and San Francisco providing an API-driven platform for smarter, quicker data aggregation and payments and a significant player in helping organisations implement Open Banking and PSD2 compliance.

The Challenge

The client required specialist penetration testing of their Kubernetes-based infrasructure as part of their internal security assurance programme and external compliance requirements.

The cluster was self-hosted on Amazon Web Services and built using Kops with a common multi-namespace approach to managing a number of different environments.

Our Solution

As one of very few technical security testing companies worldwide with specialist knowledge of container security and Kubernetes in particular, 4ARMED was engaged to review the cluster from both an external and internal perspective. Our consultant worked with the client to highlight risks, demonstrate potential methods of attack and put together a list of recommendations including, where necessary, detailed technical guidance.

This test again highlighted some of the complexities to running your own Kubernetes control plane and the challenges of mixing workloads of differing risk levels.

Marc Wickenden, CTO at 4ARMED

Related Services

Next Steps

Could your business benefit from an engagement like this? Want to discuss your requirements further? Give us a call or complete the contact form below to tell us about your requirements and we will work with you to find the best solution for you.