Docker and Kubernetes Threat Modeling Cheat Sheet



A Cheat Sheet covering the most common threats against Docker and Kubernetes.

Synopsis and Takeaways

This working session aimed to answer the following questions:

  • Can we identify the main or generic threats?
  • Can we organize the threats into Risk Patterns?
  • Can they be summarized on a Cheat Sheet?



Threats were listed and grouped according to the four questions:

  • What are we building?
  • What can go wrong?
  • What are we going to do about that?
  • Did we do a good enough job?

Question 1: What are we building?

  • Insufficient Authentication Protection
    • Password policy
    • Brute-force protection
    • Username enumeration
  • Information Disclosure
    • Usernames
  • Insider Threat
  • Dockerfile not tamper-proof
  • Sensitive data in Dockerfile or image

Question 2: What can go wrong?

  • Sensitive Data
  • Dangerous commands on boot

Question 3: What are we going to do about that?

  • Documentation Group
  • Run = Access (whoever can run a container gets the access it is granted)
  • Docker inspection used
  • Exposing the daemon socket
  • Segregation of duties not enforced
  • User can mass download
  • User awareness of the “latest” tag
  • Escalation of privilege to a deeper level
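As an added example (not part of the working session's materials), the following Python script turns several of the threats listed under Questions 1 and 3 into an automated check: it lints a Dockerfile for an unpinned or “latest” base image, credentials in ENV/ARG, piping a download into a shell, and running as root, and it lints a `docker run` command line for the host-level access that “Run = Access”, “Exposing the daemon socket” and “Escalation of privilege” describe. The sample Dockerfile and command line are constructed for illustration; the function names `lint_dockerfile` and `lint_run_command` and the threat labels are my own, not from the page.

```python
import re
import shlex

# Constructed sample inputs (not from the page) exhibiting several listed threats.
SAMPLE_DOCKERFILE = """\
FROM python:latest
ARG AWS_SECRET_ACCESS_KEY=AKIAEXAMPLE
ENV DB_PASSWORD=hunter2
COPY . /app
RUN curl -sSL https://example.invalid/install.sh | sh
CMD ["python", "/app/main.py"]
"""

SAMPLE_RUN_COMMAND = (
    "docker run -d --privileged -v /var/run/docker.sock:/var/run/docker.sock "
    "-v /:/host --pid=host myapp:latest"
)

# Variable names that usually carry credentials (assumed heuristic).
SECRET_NAME_RE = re.compile(r"PASS(WORD|WD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)
# "curl ... | sh" style installers executed at build or container start.
PIPE_TO_SHELL_RE = re.compile(r"\|\s*(sudo\s+)?(ba|z)?sh\b")


def lint_dockerfile(text):
    """Return (line_no, threat, detail) tuples for the given Dockerfile text."""
    findings = []
    has_user = False
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        instr = parts[0].upper()
        rest = parts[1].strip() if len(parts) > 1 else ""
        if instr == "FROM":
            # Skip flags such as --platform=...; the image is the first bare token.
            image = next((t for t in rest.split() if not t.startswith("--")), "")
            if image and image != "scratch" and "@sha256:" not in image and (
                ":" not in image or image.endswith(":latest")
            ):
                findings.append((line_no, "unpinned base image ('latest')", image))
        elif instr in ("ENV", "ARG"):
            # ENV/ARG take "KEY=value" or "KEY value"; only the name is inspected.
            name = re.split(r"[=\s]", rest, maxsplit=1)[0]
            if SECRET_NAME_RE.search(name):
                findings.append((line_no, "sensitive data in Dockerfile", name))
        elif instr in ("RUN", "CMD", "ENTRYPOINT"):
            if PIPE_TO_SHELL_RE.search(rest):
                findings.append((line_no, "dangerous command at build/boot", rest))
        elif instr == "USER":
            has_user = True
            user = rest.split()[0] if rest else ""
            if user in ("root", "0"):
                findings.append((line_no, "runs as root", rest))
    if not has_user:
        # Without a USER instruction the process runs as root inside the container.
        findings.append((0, "runs as root", "no USER instruction"))
    return findings


def lint_run_command(command):
    """Return (threat, detail) tuples for a 'docker run' command line."""
    findings = []
    args = shlex.split(command)
    for i, arg in enumerate(args):
        if arg == "--privileged":
            findings.append(("privileged container", arg))
        elif arg in ("--pid=host", "--net=host", "--network=host", "--ipc=host"):
            findings.append(("host namespace shared", arg))
        elif arg.startswith("--cap-add"):
            findings.append(("extra capability", arg))
        elif arg in ("-v", "--volume", "--mount") or arg.startswith(("--volume=", "--mount=")):
            # Spec is either attached with "=" or the next argument.
            if "=" in arg:
                spec = arg.split("=", 1)[1]
            elif i + 1 < len(args):
                spec = args[i + 1]
            else:
                continue
            # "-v src:dst" or "--mount type=bind,source=src,target=dst".
            m = re.search(r"(?:source|src)=([^,]+)", spec)
            src = m.group(1) if m else spec.split(":", 1)[0]
            if src == "/var/run/docker.sock":
                findings.append(("daemon socket exposed", spec))
            elif src == "/":
                findings.append(("host root filesystem mounted", spec))
    return findings


if __name__ == "__main__":
    for f in lint_dockerfile(SAMPLE_DOCKERFILE):
        print("Dockerfile line %d: %s (%s)" % f)
    for f in lint_run_command(SAMPLE_RUN_COMMAND):
        print("docker run: %s (%s)" % f)
```

Mounting the daemon socket or the host root, `--privileged`, and host namespaces each turn "can run this container" into "has root on the host", which is why the checks on the run command line matter as much as those on the Dockerfile.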

Session organiser(s)

Steven Wierckx


Participants

Adam Shostack, Orid Ahmed, Alina Radu, Aurelijus Stanislovaitis, David Cervigni, Fraser Scott, Frederic Tollens, Imran Mohammed A, Luis Saiz, Ruben Tronçon, Sara Davis, Abdullah Garcia, Joset Zamora, Madhu Akula