security-testing
Security Testing Methodology
AUTHORIZED SCOPE: Dev cluster only. Integration and live clusters are read-only per CLAUDE.md.
See references/attack-surface.md for the full inventory of known weaknesses, exploitation notes, and severity ratings per layer (Network, Gateway, Auth, Authorization, Container, Supply Chain, Credential).
All bash commands are in references/test-commands.md.
Phase 1: Network Policy Testing
Test intra-namespace lateral movement (the baseline-intra-namespace CCNP allows free pod-to-pod communication within a namespace — expect full access). Test cross-namespace escape by verifying that isolated and internal profile pods cannot reach other namespaces or the internet (DNS always succeeds — this is a known exfiltration path). Test Prometheus label impersonation: if the baseline-prometheus-scrape CCNP uses label-only matching, any pod with the right label can bypass namespace boundaries (NET-001). Test escape hatch abuse by enumerating which service accounts can label namespaces.
Commands: see references/test-commands.md#phase-1-network-policy-testing
Phase 2: Authentication & WAF Testing
More from ionfury/homelab
prometheus
Query Prometheus API for cluster metrics, alerts, and observability data. Use when investigating cluster health, performance issues, resource utilization, or alert status. Triggers on questions like "what's the CPU usage", "show me firing alerts", "check memory pressure", "query prometheus for", or any PromQL-related requests.
68taskfiles
|
63opentofu-modules
|
59terragrunt
|
59k8s
|
46cnpg-database
|
38