Application and GKE Kubernetes Penetration Test


The Client

FinTech Payments, Compliance and Risk Platform based in London.

The Challenge

The client required penetration testing of their Node.js API, management console and Kubernetes-based infrastructure as part of their PCI DSS requirement 11.3 (penetration testing) obligations.

The Solution

Application security test cases were built out from Postman collections to fully explore the API functionality, and a number of complex financial transaction scenarios were created and exercised.

The infrastructure was based on Kubernetes and deployed into Google Cloud Platform’s GKE managed service.

GKE is a fantastic option for anyone looking for a managed Kubernetes service. However, it is not without its quirks from a security perspective, particularly in older versions. The managed control plane also does not address the other common issues that affect Kubernetes clusters running in cloud environments; those still have to be found and fixed by the cluster owner.

During the testing the communication was flawless, and 4ARMED told us, as they were testing, of any gaps in security encountered so that we could work on fixes in parallel and deploy and retest them before the whole testing was completed. The final report was very comprehensive both from a business and technical point of view. The recommendations in the report were clear and concise and contained explicit steps on how to fix vulnerabilities effectively.

Ana

Systems Engineer & DPO


Related Services

Application Penetration Testing

Kubernetes Penetration Testing

PCI DSS Consultancy

Next Steps

Could your business benefit from an engagement like this? Want to discuss your requirements further? Give us a call or email us to tell us about your requirements and we will work with you to find the best solution for you.
+44 (0)203 475 2443 sales@4armed.com
4ARMED Limited
3 Warren Yard, Warren Park, Stratford Road, MILTON KEYNES MK12 5NW, England