Microservices are pervading enterprise IT, and securing microservices hence became crucial. KUBEHOUND is an open-source tool devised for this purpose, as it enables detecting instances of so-called security smells in microservice applications deployed with Kubernetes. KUBEHOUND features a plugin-based extensibility, meaning that its smell detection capabilities can be extended by developing plugins implementing additional smell detection techniques. In this demo paper, we illustrate how to extend KUBEHOUND with plugins enabling to detect two different instances of the own crypto code security smell, whose detection was not yet featured by KUBEHOUND. We also show the practical use of the newly added plugins by applying them to case studies, two of which are based on existing, third-party microservice applications.
Smelling Homemade Crypto Code in Microservices, with KubeHound
Soldani, Jacopo
Secondo
;Dell'Immagine, Giorgio;Brogi, Antonio
2024-01-01
Abstract
Microservices are pervading enterprise IT, and securing microservices hence became crucial. KUBEHOUND is an open-source tool devised for this purpose, as it enables detecting instances of so-called security smells in microservice applications deployed with Kubernetes. KUBEHOUND features a plugin-based extensibility, meaning that its smell detection capabilities can be extended by developing plugins implementing additional smell detection techniques. In this demo paper, we illustrate how to extend KUBEHOUND with plugins enabling to detect two different instances of the own crypto code security smell, whose detection was not yet featured by KUBEHOUND. We also show the practical use of the newly added plugins by applying them to case studies, two of which are based on existing, third-party microservice applications.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
