Skip to content
Fast-turnaround security assessments available — 10+ years development & security experienceGet started
Topic Hub

Infrastructure Security

Server, network, and cloud infrastructure vulnerabilities — subdomain takeovers, DNS misconfigurations, container security, exposed services, and infrastructure hardening.

4 knowledge articles7 case studies7 glossary terms

Understanding Infrastructure Security

Services

What We Test: Applications, APIs, Authentication, Infrastructure

A detailed breakdown of what Raijuna tests during security assessments — web applications, REST and GraphQL APIs, authentication and SSO flows, cloud infrastructure, and mobile backends. For each target type: what we look for, common findings, and why it matters.

11 min readRead article
VulnerabilityCWE-284

Subdomain Takeover: When Dangling DNS Records Become Attack Surface

Subdomain takeover occurs when a DNS record points to a deprovisioned external service, allowing an attacker to claim that service and serve arbitrary content under a trusted domain. The result is phishing, cookie theft, and content security policy bypass — all from a legitimate-looking subdomain.

10 min readRead article
Methodology

Container Security: Escaping Docker and Attacking Kubernetes

Containers offer process isolation, not security boundaries. Privileged containers, exposed Docker sockets, misconfigured Kubernetes RBAC, and accessible cloud metadata endpoints all create paths from a compromised container to full cluster or host compromise. Understanding these vectors is essential for assessing environments that rely on containerization as part of their security model.

10 min readRead article
Services

Integrating Security Testing Into Your Development Lifecycle

Security vulnerabilities are cheapest to fix before code ships. Organizations that treat security as a gate at the end of the pipeline pay more to fix findings, ship riskier code, and lose developer context. Integrating security testing throughout the development lifecycle — from design through deployment — produces better outcomes at lower cost, without slowing delivery.

10 min readRead article

Real-World Cases

Info DisclosureCVSS 5.3medium

Enumerating Internal Architecture Through a Container Registry

During a black-box assessment of a global infrastructure provider, an unauthenticated Harbor container registry exposed the organization's complete internal project structure — service names, repository counts, team namespaces, and architectural relationships — without requiring any credentials. This is how the registry was found, what it disclosed, and why container registries with open access represent a more serious reconnaissance surface than they appear.

Read case
Access ControlCVSS 9.1critical

Enterprise GitLab With the Front Door Wide Open

An enterprise GitLab installation used by a global media technology company to host proprietary infrastructure code, deployment configurations, and CI/CD pipelines was configured with open user registration enabled. Any external party could create an account, browse internal repositories, clone source code, and read environment files containing credentials for production systems — no invitation required.

Read case
CryptographicCVSS 7.4high

The Service That Trusted Every Certificate

During a security assessment of an election management platform, a backend integration service was found to accept any TLS certificate during HTTPS connections to external endpoints — regardless of validity, expiry, or hostname match. The result was complete exposure to man-in-the-middle interception on traffic the platform considered encrypted and authenticated.

Read case
OtherCVSS 8.2high

Five Subdomains, Five Takeovers, One Afternoon

DNS enumeration against a media infrastructure company turned up not one dangling CloudFront record but five. Each subdomain pointed to a deleted CloudFront distribution. Each was claimable. By the end of the afternoon, five proof-of-concept pages were live under the company's own domain.

Read case
Info DisclosureCVSS 7.5high

Kubernetes Blueprints Left on the Doorstep

During an assessment of a media streaming company's infrastructure, an ArgoCD instance was reachable over the public internet with no authentication required. Its API exposed the full inventory of Kubernetes applications, source repository paths, cluster connection details, and deployment configuration — the architectural blueprint of the organization's production environment.

Read case
OtherCVSS 7.5high

The Subdomain Someone Else Already Owned

A routine DNS enumeration uncovered a subdomain pointing to a cloud resource that no longer existed. The CNAME was still live, the cloud resource was available for anyone to claim, and the subdomain was one registration away from serving attacker-controlled content under the company's domain.

Read case
Info DisclosureCVSS 8.2high

652 Repositories, Zero Authentication

An exposed container registry at a global infrastructure provider held 652 repositories with no authentication. Docker image layers contained full application source code, configuration files, API keys, database credentials, and internal service architecture maps. This is the story of how it was found and what it revealed.

Read case

Key Terms

Phishing

A social engineering attack that tricks individuals into revealing sensitive information by impersonating a trusted entity.

Reconnaissance

The initial phase of a security assessment where information about the target is systematically gathered to identify attack surfaces and potential vulnerabilities.

Subdomain Takeover

A vulnerability where an attacker claims control of a subdomain that points to an unclaimed or decommissioned external service.

TLS (Transport Layer Security)

A cryptographic protocol that provides secure communication over a network by encrypting data in transit between two parties.

Token

A digitally generated string used to authenticate a user, authorize access, or maintain session state without repeatedly transmitting credentials.

VPN (Virtual Private Network)

A technology that creates an encrypted tunnel between two points on a network, protecting data in transit and masking the user's network identity.

WebSocket Security

The set of security considerations and protections specific to WebSocket connections, which maintain persistent bidirectional communication channels.

Need your application tested?

Our security assessments cover the full range of infrastructure security vulnerabilities with methodology built from real-world research.

Request an Assessment