TestAndVerification -> Static depth for infrastructure: Test the definition of virtualized environments
Risk and Opportunity
Risk: The definition of virtualized environments (e.g. via Dockerfile) might contain insecure configurations.
Opportunity: Test the definition of virtualized environments for insecure configurations.
Usefulness and Requirements of this Activity
Required knowledge: Low (one discipline)
Required time: Very Low
Required resources (systems): Low
- Dockerfile with hadolint
- Deployment with kube-score
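
To show what testing a Dockerfile for insecure configurations means in practice, here is an added Python example. It is not part of the original page and is not how hadolint or kube-score work internally. The function names, finding labels and sample Dockerfile are constructed for illustration; it flags an unpinned base image, `ADD` from a remote URL, and a final stage that runs as root.

```python
import re

# Constructed sample input: a Dockerfile with three common weaknesses.
WEAK = """\
FROM ubuntu:latest
ADD https://example.com/tool.tar.gz /opt/
RUN apt-get update && \\
    apt-get install -y curl
CMD ["/opt/tool"]
"""

def logical_lines(text):
    """Yield instructions, skipping comments and joining backslash continuations."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
        else:
            yield buf + line
            buf = ""

def check_dockerfile(text):
    """Return sorted finding labels (the labels are this example's own names)."""
    findings, stage_user, alias, user = set(), {}, None, None
    for line in logical_lines(text):
        instr, *tokens = line.split()
        instr = instr.upper()
        if instr == "FROM":
            image = next((t for t in tokens if not t.startswith("--")), "")
            name = image.rsplit("/", 1)[-1]  # ignore a registry host:port prefix
            pinned = "@sha256:" in image or (":" in name and not name.endswith(":latest"))
            if image not in stage_user and image != "scratch" and not pinned:
                findings.add("unpinned-base-image")
            # An external base image's USER is unknown statically: assume root.
            user = stage_user.get(image)
            alias = tokens[-1] if len(tokens) > 2 and tokens[-2].upper() == "AS" else None
        elif instr == "ADD" and any(re.match(r"https?://", t, re.I) for t in tokens):
            findings.add("add-remote-url")
        elif instr == "USER" and tokens:
            user = tokens[0].split(":")[0]
        if alias:
            stage_user[alias] = user  # remember what a later "FROM <alias>" inherits
    if user in (None, "root", "0"):
        findings.add("runs-as-root")
    return sorted(findings)

if __name__ == "__main__":
    print(check_dockerfile(WEAK))
```

In a pipeline, a non-empty result would fail the build, which is the role a dedicated linter plays for this activity.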
OWASP SAMM VERSION 2
- system hardening, virtual environments are not explicitly covered by ISO 27001 - too specific