Cloud Security

AWS Vault securely stores AWS IAM credentials in the operating system's keystore and generates temporary credentials for development environments.

A security tool for discovering S3 bucket references in web content and testing buckets for misconfigurations.

An open-source policy-as-code platform that analyzes multi-cloud and SaaS environments using SQL and YAML policies with GPT integration for security, cost, and architecture assessments.

Tang is a network-based server that binds encrypted data access to network presence, allowing data decryption only when clients are connected to the specific network where the Tang server operates.

A Golang-based container security scanner that identifies potential vulnerabilities and misconfigurations in container environments by checking namespacing, capabilities, security profiles, and host device mounts.

Cloud Sniper is a centralized cloud security operations platform that provides incident response, threat correlation, and automated security actions for cloud infrastructure protection.

A book that helps improve Docker security by covering risks and countermeasures

NBD (Network Block Device) is a network protocol implementation that allows clients to access remote block devices over a network as if they were local storage.

MKIT is a Docker-based security assessment tool that identifies common misconfigurations in managed Kubernetes clusters across AKS, EKS, and GKE platforms.

Cloud Custodian is a YAML-based rules engine that manages and enforces security, compliance, and cost optimization policies across AWS, Azure, and GCP cloud environments in real-time.

AWS Scout2 is a security assessment tool that uses the AWS API to gather configuration data and automatically identify security risks in AWS environments.

A container compliance and vulnerability assessment tool that uses OpenSCAP to scan Docker images and running containers for security vulnerabilities and compliance violations.

An open-source script that performs automated security assessments of Docker containers and hosts against CIS Docker Benchmark standards.

Clevis is a pluggable framework that enables automated decryption of data and LUKS volumes through a pin-based plugin system.

An open-source framework that inventories and manages AWS resources across multiple accounts by collecting data via Cross Account Assume Roles and storing it in a centralized S3 bucket for analysis.

A comprehensive AWS security automation toolkit that provides event monitoring, data protection, resource management, and security configuration validation across AWS environments.

TerraGoat is a deliberately vulnerable Terraform repository that demonstrates common cloud infrastructure misconfigurations for training and testing security tools.

A multi-account AWS security tool that identifies misconfigurations, provides real-time reporting, and performs automated remediation to establish secure cloud guardrails.

Comprehensive set of security controls for various AWS services to ensure a secure cloud environment.

Comprehensive cybersecurity tool for Microsoft Azure providing CSPM & CWPP capabilities.

A cloud security assessment tool that collects cloud resource information, analyzes it against best practices, and generates compliance reports in multiple formats.

Microsoft Azure's dedicated HSM for secure key management and cryptographic operations.

Exploring the transition towards real sandbox containers and the differences in privileges compared to traditional sandboxes like Chrome.

Azucar is a multi-threaded plugin-based tool that performs read-only security assessments of Azure Cloud environments, analyzing various assets and configurations without modifying deployed resources.