Kubesploit – Telegram
News and links on Kubernetes security curated by the @Learnk8s team
Website: https://kubesploit.io/
Curiefense extends Envoy proxy to defend against a variety of threats, including SQL and command injection, cross-site scripting (XSS), account takeovers (ATOs) and more

Read on https://github.com/curiefense/curiefense
Vault-CRD is a custom resource definition for holding secrets that are stored in HashiCorp Vault and kept up to date with Kubernetes secrets

Read more: https://github.com/DaspawnW/vault-crd
“Another LDAP” provides Authentication and Authorization for your applications running on Kubernetes

👉 https://github.com/dignajar/another-ldap
Peirates, a Kubernetes penetration tool, enables an attacker to escalate privilege and pivot through a Kubernetes cluster

Read on https://github.com/inguardians/peirates
Forwarded from Daniele Polencic
Quick update!
We’ve updated the Kubernetes troubleshooting flowchart to include translations in Spanish, Mandarin, Korean and Portuguese. Many thanks to @elnemesisdivina @yorchveintemil @usernametoken Marcelo & Hoon Jo! 👏👏👏

You can download the poster here: https://learnk8s.io/troubleshooting-deployments
Kubestriker is a platform-agnostic tool designed to tackle Kubernetes cluster security issues due to misconfigurations and will help strengthen the overall IT infrastructure of any organisation

https://github.com/vchinnipilli/kubestriker
Kubernetes API Access Security Hardening

👉 https://goteleport.com/blog/kubernetes-api-access-security
Scheduled backup of Vault secrets with Jenkins on Kubernetes

Read more https://igorzhivilo.com/vault/scheduled-backup-vault-secrets
In this article you will learn how to secure Containers with Cosign and Distroless images

Read on: https://infracloud.io/blogs/secure-containers-cosign-distroless-images
Cross-Account container takeover in Azure Container Instances

👉 https://unit42.paloaltonetworks.com/azure-container-instances
Kubernetes security & vulnerability scanning tools: checkov, kube-hunter, kube-bench & Starboard
Read more https://aninditabasak.medium.com/a-lap-around-kubernetes-security-vulnerability-scanning-tools-checkov-kube-hunter-kube-bench-4ffda92c4cf1
Comparing popular Kubernetes security and compliance frameworks: how they differ, when to use them, their common goals, and suggested tools
Read more https://armosec.io/blog/kubernetes-security-frameworks-and-guidance
Explore how the Kubernetes dashboard can be exploited to gain access to a Kubernetes cluster
Read more https://blog.aquasec.com/kubernetes-ui-tools-security-threat
This article explains how to deploy Keycloak with Infinispan, the in-memory data store for caching user metadata, on a Kubernetes cluster
Read more https://blog.flant.com/ha-keycloak-infinispan-kubernetes