This is a site with some container security resources. It is (and probably always will be) a work in progress, but hopefully you’ll find some useful information. Issues and PRs welcome using the link above.
- Container Reading List
- Container Terms for Security people
- Security Terms for Container people
- Container CVE List
- Container/Kubernetes Security Tools
Resources for pentesters/redteamers and people looking to get more information about the offensive side of container security. Methodologies for testing and some tooling information.
- External Attacker Checklist
- Compromised Container Checklist
- Compromised User Credentials Checklist
- Attacker Manifests
- Container Breakout Vulnerabilities
Content that relates to container security but doesn’t neatly fit in to attacker/defender buckets