Appsecco's Kubernetes Penetration Testing as a Service (PTaaS) is a security assessment service that evaluates the security posture of Kubernetes clusters. The service tests across multiple attack surfaces including the cluster itself, container internals, image repositories, VPC neighbours, cloud IAM mappings, external cluster exposure, and third-party integrations. The methodology follows MITRE ATT&CK, PTES, and OWASP standards, and incorporates CIS Kubernetes Benchmarks. Testing covers three attacker perspectives: external attackers, attackers operating from within a pod, and cloud neighbourhood (VPS) attackers. The assessment includes: - Full cluster configuration review and attack surface enumeration - RBAC and Cloud IAM privilege auditing across cloud, cluster, and container layers - Cloud IAM to Kubernetes Service Account identity mapping verification - Cloud Metadata API access checks - Service account token privilege enumeration - Container registry security checks - Cloud VPS to node access validation Findings are delivered in an actionable report available in PDF, DOCX, and CSV formats. Each issue includes exploit proof-of-concepts, remediation steps written for developers, and severity ratings mapped to CVSS 3.1. Issues are also mapped to the MITRE ATT&CK framework for threat context and prioritisation.