Skip to content

4ndersonLin/awesome-cloud-security

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

67 Commits
 
 
 
 

Repository files navigation


A curated list of awesome cloud security related resources.


Awesome Cloud Security

🛡️ Awesome Cloud Security Resources ⚔️

Contents

Standards

Compliances

Benchmarks

Tools

Infrastructure

  • aws_pwn: A collection of AWS penetration testing junk
  • aws_ir: Python installable command line utility for mitigation of instance and key compromises.
  • aws-firewall-factory: Deploy, update, and stage your WAFs while managing them centrally via FMS.
  • aws-vault: A vault for securely storing and accessing AWS credentials in development environments.
  • awspx: A graph-based tool for visualizing effective access and resource relationships within AWS.
  • azucar: A security auditing tool for Azure environments
  • checkov: A static code analysis tool for infrastructure-as-code.
  • cloud-forensics-utils: A python lib for DF & IR on the cloud.
  • Cloud-Katana: Automate the execution of simulation steps in multi-cloud and hybrid cloud environments.
  • cloudlist: Listing Assets from multiple Cloud Providers.
  • Cloud Sniper: A platform designed to manage Cloud Security Operations.
  • Cloudmapper: Analyze your AWS environments.
  • Cloudmarker: A cloud monitoring tool and framework.
  • Cloudsploit: Cloud security configuration checks.
  • CloudQuery: Open source cloud asset inventory with set of pre-baked SQL policies for security and compliance.
  • Cloud-custodian: Rules engine for cloud security, cost optimization, and governance.
  • consoleme: A Central Control Plane for AWS Permissions and Access
  • cs suite: Tool for auditing the security posture of AWS/GCP/Azure.
  • Deepfence ThreatMapper: Apache v2, powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless.
  • dftimewolf: A multi-cloud framework for orchestrating forensic collection, processing and data export.
  • diffy: Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix.
  • ElectricEye: Continuously monitor AWS services for configurations.
  • Forseti security: GCP inventory monitoring and policy enforcement tool.
  • Hammer: A multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources.
  • kics: Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code.
  • Matano: Open source serverless security lake platform on AWS that lets you ingest, store, and analyze data into an Apache Iceberg data lake and run realtime Python detections as code.
  • Metabadger: Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
  • Open policy agent: Policy-based control tool.
  • pacbot: Policy as Code Bot.
  • pacu: The AWS exploitation framework.
  • PMapper: A tool for quickly evaluating IAM permissions in AWS.
  • Prowler: Command line tool for AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool.
  • ScoutSuite: Multi-cloud security auditing tool.
  • Security Monkey: Monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
  • SkyWrapper: Tool helps to discover suspicious creation forms and uses of temporary tokens in AWS.
  • Smogcloud: Find cloud assets that no one wants exposed.
  • Steampipe: A Postgres FDW that maps APIs to SQL, plus suites of API plugins and compliance mods for AWS/Azure/GCP and many others.
  • Terrascan: Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
  • tfsec: Static analysis powered security scanner for Terraform code.
  • Zeus: AWS Auditing & Hardening Tool.

Container

  • auditkube: Audit for for EKS, AKS and GKE for HIPAA/PCI/SOC2 compliance and cloud security.
  • Falco: Container runtime security.
  • mkit: Managed kubernetes inspection tool.
  • Open policy agent: Policy-based control tool.

SaaS

  • aws-allowlister: Automatically compile an AWS Service Control Policy with your preferred compliance frameworks.
  • binaryalert: Serverless S3 yara scanner.
  • cloudsplaining: An AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
  • Cloud Guardrails: Rapidly cherry-pick cloud security guardrails by generating Terraform files that create Azure Policy Initiatives.
  • Function Shield: Protection/destection lib of aws lambda and gcp function.
  • FestIN: S3 bucket finder and content discover.
  • GCPBucketBrute: A script to enumerate Google Storage buckets.
  • IAM Zero: Detects identity and access management issues and automatically suggests least-privilege policies.
  • Lambda Guard: AWS Lambda auditing tool.
  • Policy Sentry: IAM Least Privilege Policy Generator.
  • S3 Inspector: Tool to check AWS S3 bucket permissions.
  • Serverless Goat: A serverless application demonstrating common serverless security flaws.
  • SkyArk: Tool to helps to discover, assess and secure the most privileged entities in Azure and AWS.

Penetration testing/learning

  • AWSGoat: AWSGoat is a vulnerable by design AWS infrastructure featuring OWASP Top 10 web application security risks (2021) and AWS service based misconfigurations.
  • ccat: Cloud Container Attack Tool.
  • CloudBrute: A multiple cloud enumerator.
  • cloudgoat: "Vulnerable by Design" AWS deployment tool.
  • Leonidas: A framework for executing attacker actions in the cloud.
  • Pwned Labs: Free hosted labs for learning cloud security.
  • Sadcloud: Tool for spinning up insecure AWS infrastructure with Terraform.
  • TerraGoat: Bridgecrew's "Vulnerable by Design" Terraform repository.
  • WrongSecrets: A vulnerable app which demonstrates how to not use secrets. With AWS/Azure/GCP support.

Native tools

Reading Materials

AWS

  1. Overiew of AWS Security
  2. AWS-IAM-Privilege-Escalation by RhinoSecurityLabs: A centralized source of all AWS IAM privilege escalation methods.
  3. MITRE ATT&CK Matrices of AWS
  4. AWS security workshops
  5. ThreatModel for Amazon S3: Library of all the attack scenarios on Amazon S3, and how to mitigate them following a risk-based approach

Azure

  1. Overiew of Azure Security
  2. Azure security fundamentals
  3. MicroBurst by NetSPI: A collection of scripts for assessing Microsoft Azure security
  4. MITRE ATT&CK Matrices of Azure
  5. Azure security center workflow automation

GCP

  1. Overiew of GCP Security
  2. GKE security scenarios demo
  3. MITRE ATT&CK Matrices of GCP
  4. Security response automation

Others

  1. Cloud Security Research by RhinoSecurityLabs
  2. CSA cloud security guidance v4
  3. Appsecco provides training
  4. Cloud Risk Encyclopedia by Orca Security: 900+ documented cloud security risks, with ability to filter by cloud vendor, compliance framework, risk category, and criticality.

Free Courses

  1. AWS Security

Paid Courses

  1. DevSecOps – Kubernetes DevOps & Security
  2. DevSecOps: Insecure Docker Registry
  3. Learn Cloud Security, Kubernetes, DevSecOps, and more
  4. Certified Kubernetes Security Specialist (CKS)

Bootcamps

  1. On-Demand: DevSecOps: Beginner Edition Bootcamp
  2. On-Demand: Cloud Security: AWS Edition Bootcamp
  3. On-Demand: Container Security: Beginner Edition Bootcamp

Trainings

  1. Attacking and Defending AWS

Certifications

  1. CCSP – Certified Cloud Security Professional
  2. AWS Certified Security - Specialty
  3. Microsoft Certified: Azure Security Engineer Associate
  4. Certified Kubernetes Security Specialist (CKS)

Resource

AWS

  1. Bucket search by grayhatwarfare

Others

  1. Mapping of On-Premises Security Controls vs. Major Cloud Providers Services

Contributing

See contributing