Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
翻译 - Bridgecrew使用Checkov防止在Terraform,Cloudformation,Kubernetes,无服务器框架和其他基础架构代码语言的构建期间对云进行错误配置。
Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
翻译 - 在配置云原生基础架构之前,将整个基础架构中的合规性和安全违规行为作为代码进行检测,以降低风险。
The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.
翻译 - AWS 开发框架,旨在测试 Amazon Web Services 环境的安全性。
Security Monkey monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
翻译 - Security Monkey监视AWS,GCP,OpenStack和GitHub组织的资产及其随时间的变化。
🛡️ Awesome Cloud Security Resources ⚔️
IAM Least Privilege Policy Generator
翻译 - IAM最低特权策略生成器
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
翻译 - Cloudsplaining是一种AWS IAM安全评估工具,可识别违反最小特权的行为并生成风险优先报告。
☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud
翻译 - ☁️ :zap:云的粒度、可操作的对手仿真。
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
#Awesome#Curated list of links, references, books videos, tutorials (Free or Paid), Exploit, CTFs, Hacking Practices etc. which are related to AWS Security
PacBot (Policy as Code Bot)
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production...
翻译 - TerraGoat是Bridgecrew的“设计易受攻击” Terraform存储库。 TerraGoat是一个学习和培训项目,它演示了常见的配置错误如何将其发现到生产云环境中。
Cloud Security Suite - One stop tool for auditing the security posture of AWS/GCP/Azure infrastructure.
Example solutions demonstrating how to implement patterns within the AWS Security Reference Architecture guide using CloudFormation (including Customizations for AWS Control Tower) and Terraform.
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring supporting 100s of services and evaluations to harden your CSP & ...
A graph-based tool for visualizing effective access and resource relationships in AWS environments.
翻译 - 基于图的工具,用于可视化AWS环境中的有效访问和资源关系。
Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!
翻译 - 我们非常受欢迎的AWS和Azure上的Breaking and Pwning应用程序和服务器的课程内容,实验室设置说明和文档,动手培训!
Least privilege AWS IAM Terraformer
#Awesome#A curated list of awesome cloud security blogs, podcasts, standards, projects, and examples.