
Container & Kubernetes Security Testing

Security assessments for containerized workloads and orchestration platforms

1-2 weeks Starting at $10,000
Sample report card: Container/K8s Assessment, 15 findings

- CRITICAL: Privileged containers running as root
- CRITICAL: K8s API server exposed without RBAC
- HIGH: Secrets stored as plain env vars
- HIGH: Container escape via mounted Docker socket
- MEDIUM: No network policies - all pods can talk
Overview

What This Engagement Covers

A comprehensive assessment tailored to your environment.

Our container and Kubernetes security testing identifies misconfigurations, escape paths, and privilege escalation vectors in your containerized environments. We assess Docker configurations, Kubernetes cluster security, Pod Security Standards and admission settings (the replacement for PodSecurityPolicy, which was removed in Kubernetes 1.25), RBAC settings, and supply chain risks in your container images.

Our Process

What We Test & How

What We Test

We assess your container runtime security (Docker, containerd), Kubernetes cluster configuration (API server, etcd, kubelet), RBAC policies, network policies, pod security standards, secrets management, container image supply chain, registry security, and the interaction between your orchestration layer and underlying infrastructure.

Our Approach

We combine automated scanning of your container images and Kubernetes configurations with manual testing for escape paths, privilege escalation, and lateral movement. We test from the perspective of a compromised container, a malicious insider with limited RBAC, and an external attacker targeting exposed services. We use tools like kube-hunter, trivy, and custom scripts alongside deep manual analysis.

Deliverables

What You'll Receive

Everything included in your engagement report.

Kubernetes cluster security assessment

Container image vulnerability scan results

RBAC and access control policy review

Network policy and segmentation findings

Secrets management and exposure analysis

Container escape and breakout test results

Supply chain and registry security review

Hardening guide for your specific environment

Methodology

Our Testing Methodology

A structured approach to identifying and validating vulnerabilities.

1. Kubernetes API server and control plane assessment
2. RBAC policy analysis and privilege testing
3. Container image scanning and layer analysis
4. Runtime security and escape path testing
5. Network policy and pod-to-pod isolation testing
6. Secrets management and etcd security review
7. Ingress controller and service mesh assessment
8. Supply chain and image registry security review

Findings

Common Vulnerabilities We Find

Typical security issues discovered during this type of engagement.

- Overly Permissive RBAC Roles
- Privileged Container Configurations
- Missing Pod Security Standards
- Secrets Stored in Plain Text
- Vulnerable Base Container Images
- Insufficient Network Policies
- Exposed Kubernetes Dashboard or API
- Missing Image Signing and Verification
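The findings above (privileged containers, root execution, a mounted Docker socket, plaintext secrets in environment variables, namespaces with no NetworkPolicy) can each be spotted from the objects the API server already returns. The script below is an added example, not Lorikeet's tooling or code from this page: it reads the JSON shape produced by `kubectl get pods -A -o json` and `kubectl get networkpolicies -A -o json`, and the SAMPLE_* documents, image names and namespaces are constructed inline so it runs offline.

```python
"""Audit a Kubernetes pod listing for the misconfigurations listed above.

Added example, not the page's or Lorikeet's own code. Input is the JSON shape
of `kubectl get pods -A -o json` and `kubectl get networkpolicies -A -o json`;
the SAMPLE_* documents at the bottom are constructed, not captured.
"""
import json

DOCKER_SOCKET = "/var/run/docker.sock"
SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN", "KEY")


def audit_pod(pod):
    """Return (severity, message) findings for one Pod object."""
    findings = []
    meta = pod.get("metadata", {})
    pod_name = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})

    # A hostPath volume pointing at the Docker socket lets a container drive the
    # node's daemon and start a privileged container: a well-known escape path.
    socket_volumes = {
        v["name"] for v in spec.get("volumes", [])
        if v.get("hostPath", {}).get("path") == DOCKER_SOCKET
    }

    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext", {})
        cname = f"{pod_name}:{c['name']}"
        if sc.get("privileged"):
            findings.append(("CRITICAL", f"{cname} runs privileged"))
        # Container-level settings override pod-level ones; with neither set,
        # the image's default user applies, which is usually root.
        run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
        run_as_non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if run_as_user == 0 or (run_as_user is None and not run_as_non_root):
            findings.append(("HIGH", f"{cname} may run as root (no runAsNonRoot/runAsUser)"))
        for m in c.get("volumeMounts", []):
            if m.get("name") in socket_volumes:
                findings.append(("HIGH", f"{cname} mounts {DOCKER_SOCKET}"))
        for env in c.get("env", []):
            # A literal `value` on a credential-looking variable is a plaintext
            # secret; `valueFrom.secretKeyRef` is the intended pattern. The name
            # match is a heuristic and needs tuning per environment.
            if "value" in env and any(h in env["name"].upper() for h in SECRET_HINTS):
                findings.append(("HIGH", f"{cname} carries plaintext secret in env {env['name']}"))
    return findings


def audit_cluster(pod_list, netpol_list):
    """Audit every pod, then flag namespaces that run pods but have no NetworkPolicy."""
    findings = []
    for pod in pod_list.get("items", []):
        findings.extend(audit_pod(pod))
    used = {p["metadata"]["namespace"] for p in pod_list.get("items", [])}
    covered = {n["metadata"]["namespace"] for n in netpol_list.get("items", [])}
    for ns in sorted(used - covered):
        findings.append(("MEDIUM", f"namespace {ns} has no NetworkPolicy; all pods can reach it"))
    return findings


# Constructed sample input (hypothetical names, not from a real cluster).
SAMPLE_PODS = json.loads("""
{"items": [
  {"metadata": {"namespace": "payments", "name": "api-7c9f"},
   "spec": {
     "volumes": [{"name": "dock", "hostPath": {"path": "/var/run/docker.sock"}}],
     "containers": [{
       "name": "api", "image": "registry.example/api:1.4",
       "securityContext": {"privileged": true},
       "volumeMounts": [{"name": "dock", "mountPath": "/var/run/docker.sock"}],
       "env": [{"name": "DB_PASSWORD", "value": "hunter2"}]}]}},
  {"metadata": {"namespace": "web", "name": "frontend-a1b2"},
   "spec": {
     "securityContext": {"runAsNonRoot": true, "runAsUser": 10001},
     "containers": [{
       "name": "nginx", "image": "registry.example/frontend:2.0",
       "env": [{"name": "DB_PASSWORD",
                "valueFrom": {"secretKeyRef": {"name": "db", "key": "password"}}}]}]}}
]}
""")
SAMPLE_NETPOLS = json.loads("""
{"items": [{"metadata": {"namespace": "web", "name": "default-deny"}}]}
""")

if __name__ == "__main__":
    for severity, message in audit_cluster(SAMPLE_PODS, SAMPLE_NETPOLS):
        print(f"{severity:8} {message}")
```

Against the constructed sample, the `payments/api-7c9f` pod produces four findings (privileged, root, Docker socket, plaintext `DB_PASSWORD`) and the `payments` namespace is flagged for having no NetworkPolicy, while the `web` frontend, which runs as a non-root UID and pulls its password from a Secret, produces none. Pipe real `kubectl` output through `json.loads` in place of the samples to run it against a cluster; the "no NetworkPolicy" check only says that nothing restricts traffic, not that an existing policy is correct, which is what the manual pod-to-pod testing in the methodology covers.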
Who It's For

Ideal For

Cloud-Native SaaS Companies
DevOps and Platform Engineering Teams
Organizations Running Microservices
AI and ML Infrastructure Teams
Fintech and Healthcare with K8s Workloads
Any Team Using Docker or Kubernetes
Compliance

Standards We Support

- CIS Kubernetes Benchmark
- SOC 2
- ISO 27001
- NIST SP 800-190 (Application Container Security Guide)
- PCI-DSS

Ready to Get Started?

$10,000

Typical engagement: 1-2 weeks

Why Us

Why Lorikeet Security

Certified Experts

OSCP, OSCE, CEH, GPEN certified professionals

Auditor Ready

Reports designed for compliance audits

Free Retesting

Validate fixes at no additional cost

Expert Support

Direct access to testing team during remediation
