OWASP Kubernetes Top 10 2022
Epistemic status: Confident that these are the issues OWASP identified
Epistemic effort: Still a beginner at Kubernetes in general. I've read through the descriptions of these issues and thought about how they might impact Conjur (the software I work on for pay).
Inspired by the OWASP Top 10 Web Application Security Risks 2021 and its earlier iterations, OWASP has started publishing Top 10 lists for other areas. Historically, the main Top 10 list has focused on web applications; separate lists allow each one to be tailored to the needs of an individual technology.
Kubernetes can be misconfigured in ways that introduce whole classes of security holes, many of which have no direct analogue in the web-application list. In 2022, OWASP published a list of the ten most significant security risks around Kubernetes.
Top 10 Kubernetes Risks - 2022
- K01:2022 - Insecure Workload Configurations
- K02:2022 - Supply Chain Vulnerabilities
- K03:2022 - Overly Permissive RBAC Configurations
- K04:2022 - Lack of Centralized Policy Enforcement
- K05:2022 - Inadequate Logging and Monitoring
- K06:2022 - Broken Authentication Mechanisms
- K07:2022 - Missing Network Segmentation Controls
- K08:2022 - Secrets Management Failures
- K09:2022 - Misconfigured Cluster Components
- K10:2022 - Outdated and Vulnerable Kubernetes Components
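As an added example (not from the original page or from the OWASP project), the script below shows what K01 "Insecure Workload Configurations" looks like in practice: a constructed Pod manifest with the anti-patterns OWASP calls out (privileged container, shared host namespaces, running as root, privilege escalation allowed, writable root filesystem, mutable image tag) next to the same workload hardened, and a small static check that flags them. The `check_pod` function and both manifests are assumptions made for this example; the manifests are embedded as Python dicts, which is what `yaml.safe_load()` would return for the corresponding YAML, so the script runs offline without PyYAML.

```python
# Added example (not from the original page or the OWASP project): a small
# static check for the K01 "Insecure Workload Configurations" patterns.
# Manifests are embedded as Python dicts, i.e. what yaml.safe_load() would
# return for a Pod manifest, so the script runs offline without PyYAML.
from typing import Any

# Constructed sample: a pod whose configuration lets anyone in the container
# reach the node (the K01 anti-patterns).
INSECURE_POD: dict[str, Any] = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "debug-shell"},
    "spec": {
        "hostPID": True,
        "hostNetwork": True,
        "containers": [
            {
                "name": "shell",
                "image": "busybox:latest",
                "securityContext": {"privileged": True},
            }
        ],
    },
}

# Constructed sample: the same workload with the hardening OWASP recommends.
HARDENED_POD: dict[str, Any] = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {"name": "debug-shell"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001},
        "containers": [
            {
                "name": "shell",
                "image": "busybox:1.36",
                "securityContext": {
                    "privileged": False,
                    "allowPrivilegeEscalation": False,
                    "readOnlyRootFilesystem": True,
                    "capabilities": {"drop": ["ALL"]},
                },
            }
        ],
    },
}


def check_pod(manifest: dict[str, Any]) -> list[str]:
    """Return a list of K01 findings for a Pod manifest (empty if clean)."""
    findings: list[str] = []
    spec = manifest.get("spec", {})
    pod_sc = spec.get("securityContext", {})

    # Sharing host namespaces exposes node processes, network and IPC.
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag):
            findings.append(f"pod: {flag} is enabled")

    containers = spec.get("containers", []) + spec.get("initContainers", [])
    for c in containers:
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})

        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")

        # Escalation is allowed unless allowPrivilegeEscalation is explicitly false.
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation not set to false")

        # runAsNonRoot may be set at pod or container level; the container wins.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(f"{name}: may run as root (runAsNonRoot not true)")

        if not sc.get("readOnlyRootFilesystem", False):
            findings.append(f"{name}: root filesystem is writable")

        dropped = sc.get("capabilities", {}).get("drop", [])
        if "ALL" not in dropped:
            findings.append(f"{name}: capabilities not dropped (drop: [ALL] missing)")

        # ":latest" or no tag makes the image mutable (this overlaps with K02).
        image = c.get("image", "")
        if ":" not in image or image.endswith(":latest"):
            findings.append(f"{name}: image tag is mutable ({image or 'no image'})")

    return findings


if __name__ == "__main__":
    for label, pod in (("insecure", INSECURE_POD), ("hardened", HARDENED_POD)):
        results = check_pod(pod)
        print(f"{label}: {len(results)} finding(s)")
        for finding in results:
            print("  -", finding)
```

The check deliberately treats an unset `allowPrivilegeEscalation`, `runAsNonRoot` and `readOnlyRootFilesystem` as a finding rather than as "unknown": Kubernetes' defaults for all three are the permissive ones, which is exactly why the Pod Security Standards "restricted" profile requires them to be set explicitly.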