security-testing


Security Testing Methodology

AUTHORIZED SCOPE: Dev cluster only. Integration and live clusters are read-only per CLAUDE.md.

See references/attack-surface.md for the full inventory of known weaknesses, exploitation notes, and severity ratings per layer (Network, Gateway, Auth, Authorization, Container, Supply Chain, Credential).

All bash commands are in references/test-commands.md.


Phase 1: Network Policy Testing

Test intra-namespace lateral movement (the baseline-intra-namespace CCNP allows free pod-to-pod communication within a namespace — expect full access). Test cross-namespace escape by verifying that isolated and internal profile pods cannot reach other namespaces or the internet (DNS always succeeds — this is a known exfiltration path). Test Prometheus label impersonation: if the baseline-prometheus-scrape CCNP uses label-only matching, any pod with the right label can bypass namespace boundaries (NET-001). Test escape hatch abuse by enumerating which service accounts can label namespaces.

Commands: see references/test-commands.md#phase-1-network-policy-testing
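An added audit sketch for the NET-001 check above (not part of this skill or of references/test-commands.md): it flags ingress peers in a CiliumClusterwideNetworkPolicy that match on pod labels alone, with no namespace constraint. The two policy bodies and the label values are constructed for illustration; the repository's real baseline-prometheus-scrape policy is not shown on this page.

```python
# Label keys Cilium uses to tie a selector to a namespace. A key may carry a
# label-source prefix such as "k8s:" or "any:".
NS_NAME_KEY = "io.kubernetes.pod.namespace"
NS_LABEL_PREFIX = "io.cilium.k8s.namespace.labels."


def strip_source(key):
    """Drop a leading label source ("k8s:", "any:") from a selector key."""
    head, sep, tail = key.partition(":")
    return tail if sep and head in ("k8s", "any") else key


def is_namespace_scoped(selector):
    """True if the selector pins the peer to named or labelled namespaces."""
    keys = list(selector.get("matchLabels") or {})
    # Only an "In" expression narrows the namespace; "Exists" matches them all.
    keys += [e["key"] for e in selector.get("matchExpressions") or []
             if e.get("operator") == "In"]
    return any(strip_source(k) == NS_NAME_KEY
               or strip_source(k).startswith(NS_LABEL_PREFIX) for k in keys)


def label_only_peers(policy):
    """Return (policy name, ingress rule index, selector) per label-only peer."""
    specs = policy.get("specs") or [policy.get("spec") or {}]
    findings = []
    for spec in specs:
        for i, rule in enumerate(spec.get("ingress") or []):
            for sel in rule.get("fromEndpoints") or []:
                if not is_namespace_scoped(sel):
                    findings.append((policy["metadata"]["name"], i, sel))
    return findings


# Constructed sample: the peer is identified by a pod label only.
WEAK = {"metadata": {"name": "baseline-prometheus-scrape"}, "spec": {
    "endpointSelector": {},
    "ingress": [{"fromEndpoints": [
        {"matchLabels": {"app.kubernetes.io/name": "prometheus"}}]}]}}

# Constructed sample: same pod label, plus the namespace the peer must run in.
SCOPED = {"metadata": {"name": "scrape-scoped-example"}, "spec": {
    "endpointSelector": {},
    "ingress": [{"fromEndpoints": [{"matchLabels": {
        "app.kubernetes.io/name": "prometheus",
        "k8s:io.kubernetes.pod.namespace": "monitoring"}}]}]}}

if __name__ == "__main__":
    for name, idx, sel in label_only_peers(WEAK) + label_only_peers(SCOPED):
        print(f"{name}: ingress[{idx}] peer is label-only: {sel}")
```

Any policy this reports should gain a namespace constraint on the peer selector, so that the pod label alone is no longer sufficient to be admitted.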


Phase 2: Authentication & WAF Testing

Installs: 26
Repository: ionfury/homelab
GitHub Stars: 23
First Seen: Feb 25, 2026