Perform penetration testing of Fleet and publish report #4880

@GuillaumeRoss

Goal

TODO
We want to get Fleet tested by an offensive security vendor.

Scope

  1. Fleet itself (running in an instance we will provide to the vendor)
  2. Orbit out of scope
  3. osquery itself is out of scope, though exploiting Fleet from data returned to the osquery TLS APIs on the Fleet side is in scope.

How?

  • Identify vendor
  • Provide credentials + documentation to perform the test
  • Testers perform testing
  • Remediate issues
  • Publish report

Labels

~risk-reduction: Related to improvements that could help reduce risk of outages, security, privacy, or trust issues.
