Cloud Security
Explore 247 curated tools and resources
Search tools and resources by name, description, or purpose... (⌘+K)
PINNED
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
An AI-powered penetration testing platform that autonomously discovers, exploits, and documents vulnerabilities while generating NIST-compliant reports.
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
LATEST ADDITIONS
MX Layer is a cloud-based email security platform that protects organizations against email threats through filtering, archiving, compliance, and data leak prevention capabilities.
MX Layer is a cloud-based email security platform that protects organizations against email threats through filtering, archiving, compliance, and data leak prevention capabilities.
A next-generation intrusion prevention system that combines signature-based and behavioral detection techniques to identify and block sophisticated network threats across hybrid environments.
A next-generation intrusion prevention system that combines signature-based and behavioral detection techniques to identify and block sophisticated network threats across hybrid environments.
A cloud-based risk management platform that enables healthcare organizations to assess, manage, and share cybersecurity and third-party risk data across a collaborative network of providers and vendors.
A cloud-based risk management platform that enables healthcare organizations to assess, manage, and share cybersecurity and third-party risk data across a collaborative network of providers and vendors.
A security analytics platform that integrates with Google Chronicle to deliver Autonomic Security Operations through data engineering, detection engineering, and response engineering.
A security analytics platform that integrates with Google Chronicle to deliver Autonomic Security Operations through data engineering, detection engineering, and response engineering.
Cloudflare Access is a zero trust network access solution that secures applications and resources by implementing identity-based authentication and authorization without traditional VPN infrastructure.
Cloudflare Access is a zero trust network access solution that secures applications and resources by implementing identity-based authentication and authorization without traditional VPN infrastructure.
Strobes Security Consulting Services provides an integrated cybersecurity platform that combines attack surface management, penetration testing, vulnerability management, and application security with expert consulting services.
Strobes Security Consulting Services provides an integrated cybersecurity platform that combines attack surface management, penetration testing, vulnerability management, and application security with expert consulting services.
Appgate SDP is a Zero Trust Network Access solution that provides secure, context-aware access to resources across hybrid environments while eliminating traditional VPN limitations.
Appgate SDP is a Zero Trust Network Access solution that provides secure, context-aware access to resources across hybrid environments while eliminating traditional VPN limitations.
Zscaler Internet Access is a cloud-based zero trust security platform that secures internet traffic by providing threat protection, data loss prevention, and secure web gateway capabilities without traditional VPN infrastructure.
Zscaler Internet Access is a cloud-based zero trust security platform that secures internet traffic by providing threat protection, data loss prevention, and secure web gateway capabilities without traditional VPN infrastructure.
A GenAI-powered security platform that integrates endpoint, email, network, data, cloud, and security operations capabilities for comprehensive threat detection and response.
A GenAI-powered security platform that integrates endpoint, email, network, data, cloud, and security operations capabilities for comprehensive threat detection and response.
A comprehensive application security platform combining specialized services and software tools to help organizations manage vulnerabilities throughout the software development lifecycle.
A comprehensive application security platform combining specialized services and software tools to help organizations manage vulnerabilities throughout the software development lifecycle.
A unified data security platform that discovers, classifies, monitors, and protects sensitive data across cloud, SaaS, and on-premises environments while ensuring compliance and automating security processes.
A unified data security platform that discovers, classifies, monitors, and protects sensitive data across cloud, SaaS, and on-premises environments while ensuring compliance and automating security processes.
A comprehensive cloud security platform that provides threat prevention, posture management, and risk prioritization across cloud applications, networks, and workloads.
A comprehensive cloud security platform that provides threat prevention, posture management, and risk prioritization across cloud applications, networks, and workloads.
A decentralized identity verification solution that enables organizations to issue, manage, and verify digital credentials for user-owned identity scenarios.
A decentralized identity verification solution that enables organizations to issue, manage, and verify digital credentials for user-owned identity scenarios.
A remediation operations platform that streamlines vulnerability management by connecting security findings to fixing teams through automated workflows.
A remediation operations platform that streamlines vulnerability management by connecting security findings to fixing teams through automated workflows.
An Application Security Posture Management platform that provides visibility, security controls, and automated workflows across the software development lifecycle from code to cloud.
An Application Security Posture Management platform that provides visibility, security controls, and automated workflows across the software development lifecycle from code to cloud.
A lightweight web application firewall that protects modern applications and APIs across distributed architectures with integrated DoS protection, bot defense, and DevOps-friendly deployment options.
A lightweight web application firewall that protects modern applications and APIs across distributed architectures with integrated DoS protection, bot defense, and DevOps-friendly deployment options.
A cloud security solution that provides agentless application mapping and vulnerability prioritization based on business impact across cloud environments.
A cloud security solution that provides agentless application mapping and vulnerability prioritization based on business impact across cloud environments.
An integrated application security platform that combines multiple security scanning tools with developer-focused workflows for automated code and infrastructure security testing.
An integrated application security platform that combines multiple security scanning tools with developer-focused workflows for automated code and infrastructure security testing.
A solution that discovers, analyzes, and helps remediate vulnerabilities across an organization's external digital attack surface by identifying and monitoring internet-facing assets.
A solution that discovers, analyzes, and helps remediate vulnerabilities across an organization's external digital attack surface by identifying and monitoring internet-facing assets.
A cloud-based identity and access management solution that provides access governance, compliance monitoring, and risk management for hybrid environments.
A cloud-based identity and access management solution that provides access governance, compliance monitoring, and risk management for hybrid environments.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
A unified extended detection and response (XDR) platform that provides comprehensive visibility and protection across hybrid IT environments through integrated prevention, detection, and response capabilities.
A unified extended detection and response (XDR) platform that provides comprehensive visibility and protection across hybrid IT environments through integrated prevention, detection, and response capabilities.
Outpost24 Managed Security Services offers proactive security monitoring and management across networks, endpoints, applications, and clouds through a comprehensive CTEM platform with expert-led validation and unified risk visibility.
Outpost24 Managed Security Services offers proactive security monitoring and management across networks, endpoints, applications, and clouds through a comprehensive CTEM platform with expert-led validation and unified risk visibility.
A cloud-native security platform that provides asset inventory, vulnerability management, compliance monitoring, and security posture management across multiple cloud providers.
A cloud-native security platform that provides asset inventory, vulnerability management, compliance monitoring, and security posture management across multiple cloud providers.
A cloud-based security platform providing WAAP, ZTNA, public cloud security management, and threat intelligence sharing capabilities.
A cloud-based security platform providing WAAP, ZTNA, public cloud security management, and threat intelligence sharing capabilities.
An AI-powered data security governance platform that autonomously discovers, classifies, monitors, and protects sensitive information across cloud and on-premises environments.
An AI-powered data security governance platform that autonomously discovers, classifies, monitors, and protects sensitive information across cloud and on-premises environments.
Cytrusst is an integrated cybersecurity platform that combines GRC, attack surface management, cloud security posture management, and third-party risk management with support for multiple compliance frameworks.
Cytrusst is an integrated cybersecurity platform that combines GRC, attack surface management, cloud security posture management, and third-party risk management with support for multiple compliance frameworks.
FortiMail is an email security solution that protects organizations against phishing, ransomware, zero-day attacks, and business email compromise through multi-layered detection and prevention capabilities.
FortiMail is an email security solution that protects organizations against phishing, ransomware, zero-day attacks, and business email compromise through multi-layered detection and prevention capabilities.
A data security and governance platform that provides automated discovery, classification, and protection of sensitive data across cloud, on-premises, and hybrid environments.
A data security and governance platform that provides automated discovery, classification, and protection of sensitive data across cloud, on-premises, and hybrid environments.
A cloud-based email security solution from Cloudflare designed to protect organizations from email-based threats and attacks.
A cloud-based email security solution from Cloudflare designed to protect organizations from email-based threats and attacks.
An AI-powered Cloud Native Application Protection Platform (CNAPP) that provides unified cloud security with attack surface management for small and medium businesses.
An AI-powered Cloud Native Application Protection Platform (CNAPP) that provides unified cloud security with attack surface management for small and medium businesses.
An API security solution that provides continuous discovery, classification, and protection of APIs across environments while integrating with existing security infrastructure to prevent attacks and business logic abuse.
An API security solution that provides continuous discovery, classification, and protection of APIs across environments while integrating with existing security infrastructure to prevent attacks and business logic abuse.
An API security platform that combines discovery, compliance monitoring, and protection capabilities to defend against API attacks, automated threats, and data exposure.
An API security platform that combines discovery, compliance monitoring, and protection capabilities to defend against API attacks, automated threats, and data exposure.
A SaaS-based web application firewall that combines signature and behavioral-based threat detection to protect applications deployed across cloud, on-premises and edge environments.
A SaaS-based web application firewall that combines signature and behavioral-based threat detection to protect applications deployed across cloud, on-premises and edge environments.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud native application protection platform that provides unified visibility, risk assessment, and remediation capabilities across multi-cloud and hybrid environments.
A cloud native application protection platform that provides unified visibility, risk assessment, and remediation capabilities across multi-cloud and hybrid environments.
A comprehensive cloud security platform that combines vulnerability management, compliance monitoring, and automated remediation capabilities through an agentless architecture to protect cloud infrastructure and applications.
A comprehensive cloud security platform that combines vulnerability management, compliance monitoring, and automated remediation capabilities through an agentless architecture to protect cloud infrastructure and applications.
An enterprise vulnerability and exposure risk management platform that consolidates, prioritizes, and orchestrates remediation of security vulnerabilities across infrastructure, applications, and cloud environments.
An enterprise vulnerability and exposure risk management platform that consolidates, prioritizes, and orchestrates remediation of security vulnerabilities across infrastructure, applications, and cloud environments.
An Application Security Posture Management platform that helps organizations integrate security throughout the software development lifecycle with a focus on vulnerability management and secure coding practices.
An Application Security Posture Management platform that helps organizations integrate security throughout the software development lifecycle with a focus on vulnerability management and secure coding practices.
A cloud and database asset intelligence platform that provides continuous monitoring, compliance management, and security posture assessment across hybrid cloud environments.
A cloud and database asset intelligence platform that provides continuous monitoring, compliance management, and security posture assessment across hybrid cloud environments.
A platform that maps enterprise attack surfaces by consolidating asset inventory, prioritizing vulnerabilities based on exposure, and providing contextual visualization of security risks.
A platform that maps enterprise attack surfaces by consolidating asset inventory, prioritizing vulnerabilities based on exposure, and providing contextual visualization of security risks.
A cloud native application protection platform that provides security monitoring and protection across cloud, on-premises, and hybrid environments.
A cloud native application protection platform that provides security monitoring and protection across cloud, on-premises, and hybrid environments.
An API security and monitoring platform that automatically discovers, validates, and protects API endpoints while providing comprehensive management and analytics capabilities.
An API security and monitoring platform that automatically discovers, validates, and protects API endpoints while providing comprehensive management and analytics capabilities.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
Airlock Secure Access Hub is an integrated security platform that combines identity and access management with web application and API protection to secure digital applications while maintaining user experience.
Airlock Secure Access Hub is an integrated security platform that combines identity and access management with web application and API protection to secure digital applications while maintaining user experience.
A cloud-native application protection platform that provides comprehensive security monitoring, vulnerability management, and threat detection for cloud environments and container workloads.
A cloud-native application protection platform that provides comprehensive security monitoring, vulnerability management, and threat detection for cloud environments and container workloads.
An integrated security platform that provides API discovery, runtime protection, security testing, and incident response capabilities for web applications, APIs, and AI systems.
An integrated security platform that provides API discovery, runtime protection, security testing, and incident response capabilities for web applications, APIs, and AI systems.
A Non-Human Identity Management platform that provides discovery, security, and lifecycle management for machine identities across hybrid cloud environments.
A Non-Human Identity Management platform that provides discovery, security, and lifecycle management for machine identities across hybrid cloud environments.
A security platform that automates the deployment and management of security canaries across cloud infrastructure to detect potential intrusions and unauthorized access.
A security platform that automates the deployment and management of security canaries across cloud infrastructure to detect potential intrusions and unauthorized access.
A platform that discovers, manages and secures non-human identities like service accounts, API keys and secrets across enterprise environments.
A platform that discovers, manages and secures non-human identities like service accounts, API keys and secrets across enterprise environments.
A cloud-based platform that discovers, monitors, and manages non-human identities and their associated credentials across cloud infrastructure.
A cloud-based platform that discovers, monitors, and manages non-human identities and their associated credentials across cloud infrastructure.
A data security and AI governance platform that provides unified control and management of data assets across hybrid cloud environments with focus on AI security and compliance.
A data security and AI governance platform that provides unified control and management of data assets across hybrid cloud environments with focus on AI security and compliance.
A remediation orchestration platform that consolidates security alerts, automates triage, and streamlines the remediation process across hybrid environments.
A remediation orchestration platform that consolidates security alerts, automates triage, and streamlines the remediation process across hybrid environments.
An application security platform that aggregates, prioritizes and contextualizes vulnerabilities from multiple security scanners and sources to help manage application and cloud security risks.
An application security platform that aggregates, prioritizes and contextualizes vulnerabilities from multiple security scanners and sources to help manage application and cloud security risks.
A vulnerability remediation platform that consolidates security findings, prioritizes risks using AI, and automates remediation workflows across cloud and application environments.
A vulnerability remediation platform that consolidates security findings, prioritizes risks using AI, and automates remediation workflows across cloud and application environments.
A cloud-native security platform that combines vulnerability management, workload protection, and security monitoring for cloud environments with context-aware threat detection capabilities.
A cloud-native security platform that combines vulnerability management, workload protection, and security monitoring for cloud environments with context-aware threat detection capabilities.
Cloud security platform that provides configuration monitoring, compliance management, and security analysis across multi-cloud environments.
Cloud security platform that provides configuration monitoring, compliance management, and security analysis across multi-cloud environments.
Runtime protection platform that secures AI applications, APIs, and cloud-native environments through automated threat detection and data protection mechanisms.
Runtime protection platform that secures AI applications, APIs, and cloud-native environments through automated threat detection and data protection mechanisms.
A cloud native security platform that uses behavioral fingerprinting and runtime verification to detect threats across Kubernetes environments, cloud infrastructure, and software supply chains.
A cloud native security platform that uses behavioral fingerprinting and runtime verification to detect threats across Kubernetes environments, cloud infrastructure, and software supply chains.
A cloud security platform that combines Kubernetes security scanning, runtime monitoring, and cloud security posture management using Kubescape and eBPF technology.
A cloud security platform that combines Kubernetes security scanning, runtime monitoring, and cloud security posture management using Kubescape and eBPF technology.
Cloud runtime security platform that uses eBPF technology to monitor cloud infrastructure, detect anomalies, and identify potential security threats in real-time.
Cloud runtime security platform that uses eBPF technology to monitor cloud infrastructure, detect anomalies, and identify potential security threats in real-time.
A web application firewall and API security platform that combines API discovery, runtime protection, vulnerability testing, and security posture management.
A web application firewall and API security platform that combines API discovery, runtime protection, vulnerability testing, and security posture management.
Runtime application security platform that provides vulnerability management, patching, and threat detection at the application level during program execution.
Runtime application security platform that provides vulnerability management, patching, and threat detection at the application level during program execution.
Microsoft SEAL is a homomorphic encryption library that allows computations on encrypted data without decryption, supporting integer and approximate real number arithmetic.
Microsoft SEAL is a homomorphic encryption library that allows computations on encrypted data without decryption, supporting integer and approximate real number arithmetic.
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Tumeryk is a comprehensive security solution for large language models and generative AI systems, offering risk assessment, protection against jailbreaks, content moderation, and policy enforcement.
Tumeryk is a comprehensive security solution for large language models and generative AI systems, offering risk assessment, protection against jailbreaks, content moderation, and policy enforcement.
Unbound is a security platform that enables enterprises to control and protect the use of generative AI applications by employees while safeguarding sensitive information.
Unbound is a security platform that enables enterprises to control and protect the use of generative AI applications by employees while safeguarding sensitive information.
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Okta Workforce Identity Cloud is an identity and access management platform that provides secure, streamlined access for an organization's workforce across various applications and resources.
Okta Workforce Identity Cloud is an identity and access management platform that provides secure, streamlined access for an organization's workforce across various applications and resources.
Aqua Security is a CNAPP that provides comprehensive security for cloud native applications across their entire lifecycle, from development to production, in various cloud and container environments.
Aqua Security is a CNAPP that provides comprehensive security for cloud native applications across their entire lifecycle, from development to production, in various cloud and container environments.
A comprehensive analysis of AWS IAM Access Analyzer, evaluating its capabilities, limitations, and effectiveness in identifying publicly exposed AWS resources.
A comprehensive analysis of AWS IAM Access Analyzer, evaluating its capabilities, limitations, and effectiveness in identifying publicly exposed AWS resources.
Wazuh is an open-source security platform offering unified XDR and SIEM protection for endpoints and cloud workloads, integrating various security functions into a single architecture.
Wazuh is an open-source security platform offering unified XDR and SIEM protection for endpoints and cloud workloads, integrating various security functions into a single architecture.
Cyera is a data security platform that discovers, classifies, and secures sensitive data across various environments, offering features such as DSPM, identity data access, and data privacy compliance.
Cyera is a data security platform that discovers, classifies, and secures sensitive data across various environments, offering features such as DSPM, identity data access, and data privacy compliance.
The Upstream Security Platform is a cloud-based solution for monitoring and securing connected vehicles and mobility IoT devices, offering features such as cybersecurity detection, API protection, and fraud detection.
The Upstream Security Platform is a cloud-based solution for monitoring and securing connected vehicles and mobility IoT devices, offering features such as cybersecurity detection, API protection, and fraud detection.
ScubaGear assesses Microsoft 365 tenant configurations against CISA Secure Configuration Baselines, using PowerShell and Open Policy Agent to compare settings and generate compliance reports.
ScubaGear assesses Microsoft 365 tenant configurations against CISA Secure Configuration Baselines, using PowerShell and Open Policy Agent to compare settings and generate compliance reports.
Anvilogic is a SIEM platform that streamlines detection engineering, offers cost-effective data management, and enhances threat detection capabilities.
Anvilogic is a SIEM platform that streamlines detection engineering, offers cost-effective data management, and enhances threat detection capabilities.
Prisma SASE is a cloud-delivered service integrating network security, SD-WAN, and user experience management for comprehensive protection and optimization of hybrid work environments.
Prisma SASE is a cloud-delivered service integrating network security, SD-WAN, and user experience management for comprehensive protection and optimization of hybrid work environments.
AI Access Security is a tool for managing and securing generative AI application usage in organizations, offering visibility, control, and protection features.
AI Access Security is a tool for managing and securing generative AI application usage in organizations, offering visibility, control, and protection features.
StepSecurity is a platform that enhances GitHub Actions security by providing network egress control, risk discovery, action replacement, and security best practices orchestration.
StepSecurity is a platform that enhances GitHub Actions security by providing network egress control, risk discovery, action replacement, and security best practices orchestration.
Apex AI Security Platform provides security, management, and visibility for enterprise use of generative AI technologies.
Apex AI Security Platform provides security, management, and visibility for enterprise use of generative AI technologies.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Akamai MFA is a cloud-based multi-factor authentication solution using FIDO2 standard to secure workforce logins across various applications through smartphone push notifications.
Akamai MFA is a cloud-based multi-factor authentication solution using FIDO2 standard to secure workforce logins across various applications through smartphone push notifications.
Akamai Enterprise Application Access is a ZTNA solution that provides secure, identity-based access to private applications without exposing the network.
Akamai Enterprise Application Access is a ZTNA solution that provides secure, identity-based access to private applications without exposing the network.
Akamai Identity Cloud is a CIAM solution that manages customer identities, enhances user experiences, and ensures data protection and regulatory compliance for high-volume consumer brands.
Akamai Identity Cloud is a CIAM solution that manages customer identities, enhances user experiences, and ensures data protection and regulatory compliance for high-volume consumer brands.
Akamai Guardicore Segmentation is a microsegmentation tool that provides network visibility, policy creation, and enforcement to prevent lateral movement and protect critical assets in diverse IT environments.
Akamai Guardicore Segmentation is a microsegmentation tool that provides network visibility, policy creation, and enforcement to prevent lateral movement and protect critical assets in diverse IT environments.
Tenable One Exposure Management Platform is a comprehensive platform for vulnerability management and exposure management.
Tenable One Exposure Management Platform is a comprehensive platform for vulnerability management and exposure management.
Tessian is an AI-powered cloud email security solution that protects against advanced phishing, account compromise, data exfiltration, and helps coach users on email security.
Tessian is an AI-powered cloud email security solution that protects against advanced phishing, account compromise, data exfiltration, and helps coach users on email security.
Sense Defence is a next-generation web security suite that leverages AI to provide real-time threat detection and blocking.
Sense Defence is a next-generation web security suite that leverages AI to provide real-time threat detection and blocking.
VIDOC is an AI-powered security tool that automates code review, detects and fixes vulnerabilities, and monitors external security, ensuring the integrity of both human-written and AI-generated code in software development pipelines.
VIDOC is an AI-powered security tool that automates code review, detects and fixes vulnerabilities, and monitors external security, ensuring the integrity of both human-written and AI-generated code in software development pipelines.
A tool to escalate SSRF vulnerabilities on modern cloud environments
CloudScraper is a tool for enumerating cloud resources, including S3 Buckets, Azure Blobs, and Digital Ocean Storage Space.
CloudScraper is a tool for enumerating cloud resources, including S3 Buckets, Azure Blobs, and Digital Ocean Storage Space.
Burp extension for identifying cloud buckets and testing for vulnerabilities
Burp extension for identifying cloud buckets and testing for vulnerabilities
A command-line tool to get valuable information out of AWS CloudTrail and a general purpose toolbox for working with IAM policies
A command-line tool to get valuable information out of AWS CloudTrail and a general purpose toolbox for working with IAM policies
S3Scanner scans for misconfigured S3 buckets across S3-compatible APIs, identifying potential security vulnerabilities and data exposure risks.
S3Scanner scans for misconfigured S3 buckets across S3-compatible APIs, identifying potential security vulnerabilities and data exposure risks.
A cybersecurity blog from Microsoft, featuring articles and guides on various security topics, including AI, threat intelligence, cloud security, and incident response.
A cybersecurity blog from Microsoft, featuring articles and guides on various security topics, including AI, threat intelligence, cloud security, and incident response.
AWS serverless cloud security tool for parsing and alerting on CloudTrail logs using EQL.
AWS serverless cloud security tool for parsing and alerting on CloudTrail logs using EQL.
Krampus is a security solution for managing AWS objects and can be used as a cost-control tool.
Krampus is a security solution for managing AWS objects and can be used as a cost-control tool.
A company that helps organizations create security-aware teams and produce bug-free software.
A company that helps organizations create security-aware teams and produce bug-free software.
CLI program for cybersecurity solution management with multiple functionalities and authentication methods.
CLI program for cybersecurity solution management with multiple functionalities and authentication methods.
kube-hunter hunts for security weaknesses in Kubernetes clusters.
kube-hunter hunts for security weaknesses in Kubernetes clusters.
Load-balancing solution by Microsoft Azure with global infrastructure and financial guidance.
Load-balancing solution by Microsoft Azure with global infrastructure and financial guidance.
Automate actions on Security Command Center findings with automated disk snapshots, IAM grant revocation, and more.
Automate actions on Security Command Center findings with automated disk snapshots, IAM grant revocation, and more.
pfSense is a leading open source firewall and network security solution, providing advanced protection and connectivity options.
pfSense is a leading open source firewall and network security solution, providing advanced protection and connectivity options.
Open-source policy-as-code software for multi-cloud and SaaS environments with GPT model conversations and custom analysis policies.
Open-source policy-as-code software for multi-cloud and SaaS environments with GPT model conversations and custom analysis policies.
Open source software for leveraging insights from flow and packet analysis to identify potential security threats or attacks.
Open source software for leveraging insights from flow and packet analysis to identify potential security threats or attacks.
Cloud-based virus scan APIs for securing files, URLs, and content uploads with advanced anti-virus and malware scanning capabilities.
Cloud-based virus scan APIs for securing files, URLs, and content uploads with advanced anti-virus and malware scanning capabilities.
Tang is a server for binding data to network presence, providing an easy and secure alternative to key escrow.
Tang is a server for binding data to network presence, providing an easy and secure alternative to key escrow.
A detection-as-code platform for streamlining cloud security operations and responding to security incidents.
A detection-as-code platform for streamlining cloud security operations and responding to security incidents.
A tool for discovering company infrastructure and apps on major cloud providers, beneficial for bug bounty hunters and penetration testers.
A tool for discovering company infrastructure and apps on major cloud providers, beneficial for bug bounty hunters and penetration testers.
A search engine for open Amazon S3 buckets and their contents, allowing users to search for files using keywords, filename extensions, and full path.
A search engine for open Amazon S3 buckets and their contents, allowing users to search for files using keywords, filename extensions, and full path.
Orchestration toolchain for scanning source code and infrastructure IaC against security risks.
Orchestration toolchain for scanning source code and infrastructure IaC against security risks.
A serverless application for creating and monitoring URL tokens with threat intelligence and customizable alerts.
A serverless application for creating and monitoring URL tokens with threat intelligence and customizable alerts.
Lists AWS resources using the AWS Cloud Control API and writes them to a JSON output file.
Lists AWS resources using the AWS Cloud Control API and writes them to a JSON output file.
Managed Kubernetes Inspection Tool leveraging FOSS tools to query and validate security-related settings.
Managed Kubernetes Inspection Tool leveraging FOSS tools to query and validate security-related settings.
AWS account compliance using centrally managed Config Rules
Cloud Custodian (c7n) is a rules engine for managing public cloud accounts and resources with a focus on security, compliance, and cost optimization.
Cloud Custodian (c7n) is a rules engine for managing public cloud accounts and resources with a focus on security, compliance, and cost optimization.
AWS Scout2 is a security tool for AWS administrators to assess their environment's security posture.
AWS Scout2 is a security tool for AWS administrators to assess their environment's security posture.
Tenzir is a data pipeline solution for optimizing cloud and data costs, running detections and analytics.
Tenzir is a data pipeline solution for optimizing cloud and data costs, running detections and analytics.
A technology-focused blog discussing innovations in painting and the importance of expert painters.
A technology-focused blog discussing innovations in painting and the importance of expert painters.
Implements a cloud version of the Shadow Copy attack against domain controllers in AWS, allowing theft of domain user hashes.
Implements a cloud version of the Shadow Copy attack against domain controllers in AWS, allowing theft of domain user hashes.
Sangfor Technologies is a leading cybersecurity, cloud, and infrastructure vendor providing effective cybersecurity and efficient enterprise cloud solutions.
Sangfor Technologies is a leading cybersecurity, cloud, and infrastructure vendor providing effective cybersecurity and efficient enterprise cloud solutions.
A comprehensive incident response and threat hunting tool for Google Cloud Platform, providing logs and forensic data for effective incident response and threat hunting.
A comprehensive incident response and threat hunting tool for Google Cloud Platform, providing logs and forensic data for effective incident response and threat hunting.
SentinelOne's Singularity Platform is an AI-powered enterprise security platform providing autonomous endpoint, cloud, identity, and data protection through its integrated XDR solution.
SentinelOne's Singularity Platform is an AI-powered enterprise security platform providing autonomous endpoint, cloud, identity, and data protection through its integrated XDR solution.
PacBot is a platform for continuous compliance monitoring, compliance reporting, and security automation for the cloud, with a plugin-based data ingestion architecture.
PacBot is a platform for continuous compliance monitoring, compliance reporting, and security automation for the cloud, with a plugin-based data ingestion architecture.
A community-driven list of sample security analytics for auditing cloud usage and detecting threats in Google Cloud.
A community-driven list of sample security analytics for auditing cloud usage and detecting threats in Google Cloud.
An open-sourced framework for managing resources across hundreds of AWS Accounts
An open-sourced framework for managing resources across hundreds of AWS Accounts
Azure DDoS Protection and Mitigation Services by Microsoft Azure for secure cloud solutions.
Azure DDoS Protection and Mitigation Services by Microsoft Azure for secure cloud solutions.
A learning and training project demonstrating common configuration errors in cloud environments.
A learning and training project demonstrating common configuration errors in cloud environments.
Multi-account cloud security tool for AWS with real-time reporting and auto-remediation capabilities.
Multi-account cloud security tool for AWS with real-time reporting and auto-remediation capabilities.
IAM Zero detects IAM issues and suggests least-privilege policies for AWS and other cloud platforms.
IAM Zero detects IAM issues and suggests least-privilege policies for AWS and other cloud platforms.
Comprehensive set of security controls for various AWS services to ensure a secure cloud environment.
Comprehensive set of security controls for various AWS services to ensure a secure cloud environment.
Comprehensive cybersecurity tool for Microsoft Azure providing CSPM & CWPP capabilities.
Comprehensive cybersecurity tool for Microsoft Azure providing CSPM & CWPP capabilities.
Tool for analyzing cloud resources against best practices and generating reports.
Tool for analyzing cloud resources against best practices and generating reports.
Microsoft Azure's dedicated HSM for secure key management and cryptographic operations.
Microsoft Azure's dedicated HSM for secure key management and cryptographic operations.
Azucar is a multi-threaded plugin-based tool for assessing Azure Cloud security.
Azucar is a multi-threaded plugin-based tool for assessing Azure Cloud security.
Continually audit your AWS usage to simplify risk and compliance assessment.
Continually audit your AWS usage to simplify risk and compliance assessment.
Nuvola is a tool for security analysis on AWS environments with a focus on creating a digital twin of cloud platforms.
Nuvola is a tool for security analysis on AWS environments with a focus on creating a digital twin of cloud platforms.
CloudFox helps gain situational awareness in unfamiliar cloud environments for penetration testers and offensive security professionals.
CloudFox helps gain situational awareness in unfamiliar cloud environments for penetration testers and offensive security professionals.
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring.
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring.
An all-in-one email outreach platform for finding and connecting with professionals, with features for lead discovery, email verification, and cold email campaigns.
An all-in-one email outreach platform for finding and connecting with professionals, with features for lead discovery, email verification, and cold email campaigns.
Metadata repository with installation tools and cloud provider support.
Open-source project for detecting security risks in cloud infrastructure accounts with support for AWS, Azure, GCP, OCI, and GitHub.
Open-source project for detecting security risks in cloud infrastructure accounts with support for AWS, Azure, GCP, OCI, and GitHub.
Microsoft Azure service for safeguarding cryptographic keys and secrets.
Microsoft Azure service for safeguarding cryptographic keys and secrets.
Pacu is an open-source AWS exploitation framework for offensive security testing against cloud environments.
Pacu is an open-source AWS exploitation framework for offensive security testing against cloud environments.
A dynamic infrastructure framework for efficient multi-cloud security operations and distributed scanning.
A dynamic infrastructure framework for efficient multi-cloud security operations and distributed scanning.
A tool for searching through public EBS snapshots for secrets, organized as an Elastic Beanstalk application.
A tool for searching through public EBS snapshots for secrets, organized as an Elastic Beanstalk application.
Create Docker container images for testing and long-term use.
Create Docker container images for testing and long-term use.
Comprehensive cybersecurity platform for hybrid and multi-cloud environments
Comprehensive cybersecurity platform for hybrid and multi-cloud environments
A tool for identifying security issues in CloudFormation templates.
A game packed with real-life examples of how not to store secrets in software, with 46 challenges to solve.
A game packed with real-life examples of how not to store secrets in software, with 46 challenges to solve.