89 tools and resources
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
A cloud-native SIEM platform that provides security analytics, intuitive workflow, and simplified incident response to help security teams defend against cyber threats.
Drata is a cloud-based platform that automates security and compliance processes, evidence collection, and audit preparation for various industry standards and regulations.
A tool for achieving and proving compliance with NIST 800-171 and CMMC cybersecurity requirements
Verity is a comprehensive compliance management tool that helps organizations manage their governance, risk, and compliance initiatives.
Anchore Enterprise is a platform that protects and secures software supply chains end-to-end.
A tool for discovering, analyzing, and remedying sensitive data
A next-generation file integrity monitoring and change detection system
A powerful tool that enables organizations to discover, manage, and secure privileged access, helping to reduce the risks associated with privileged accounts and activities.
VIDOC is an AI-powered security tool that automates code review, detects and fixes vulnerabilities, and monitors external security, ensuring the integrity of both human-written and AI-generated code in software development pipelines.
A GaaS platform that simplifies and streamlines compliance processes for MSPs, ensuring their policies are properly aligned, authorized, adopted, and assessed.
Monitors GitHub for leaked secrets
A tool for testing AWS S3 bucket permissions and security
A tool for scanning and identifying potential security risks in GitHub organizations, users, and repositories.
A compliant audit log tool that provides a searchable, exportable record of read/write events.
InfoRisk Today is a key resource for news and insights on information risk management and cybersecurity education.
A GitHub App that monitors GitHub organizations or repositories for adherence to security best practices and detects policy violations.
CLI program for cybersecurity solution management with multiple functionalities and authentication methods.
A log management solution that optimizes SIEM performance, provides rapid search and troubleshooting, and meets compliance requirements.
A repository of pre-defined detections for security threats and abnormal behaviors in Falco.
An open-source security tool for AWS, Azure, Google Cloud, and Kubernetes security assessments and audits.
A module that enforces HTTPS connections and automatically redirects non-encrypted HTTP requests to HTTPS.
Bastille-Linux is a system hardening program that proactively configures the system for increased security and educates users about security settings.
Orchestration toolchain for scanning source code and infrastructure IaC against security risks.
AWS account compliance using centrally managed Config Rules
AWS Scout2 is a security tool for AWS administrators to assess their environment's security posture.
Tool for assessing compliance and running vulnerability scans on Docker images.
A technology-focused blog discussing innovations in painting and the importance of expert painters.
Guidelines for contributing to a cybersecurity tools and resources list
App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.
PacBot is a platform for continuous compliance monitoring, compliance reporting, and security automation for the cloud, with a plugin-based data ingestion architecture.
On-demand access to AWS and ISV compliance reports with time-saving benefits.
A summary of the threat modeling posts and final thoughts on the process
Microsoft BitLocker is a full volume encryption feature in Windows for protecting data on lost or stolen devices, with tools and resources for implementation.
Continually audit your AWS usage to simplify risk and compliance assessment.
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring.
An all-in-one email outreach platform for finding and connecting with professionals, with features for lead discovery, email verification, and cold email campaigns.
A Python script to check system compliance against CIS Benchmarks with customizable options.
Metadata repository with installation tools and cloud provider support.
Open-source project for detecting security risks in cloud infrastructure accounts with support for AWS, Azure, GCP, OCI, and GitHub.
Cybersecurity conference featuring talks on various hacking topics by industry experts.
A documentation template library for implementing industrial information security management systems.
An open source cloud security platform for discovering, prioritizing, and remediating risks in the cloud.
CSET is a free software tool for identifying vulnerabilities in enterprise and industrial control cyber systems.
CFRipper is a Library and CLI security analyzer for AWS CloudFormation templates.
Automatically compile AWS SCPs for compliant AWS services based on preferred frameworks.
A comprehensive guide for computer security incident handling, providing guidelines for establishing incident response capabilities and handling incidents efficiently and effectively.
A tool for monitoring and managing device compliance and security across multiple platforms
AWS Cloud Security offers security services and compliance tools for securing data and applications on AWS.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
Open source application to instantly remediate common security issues through the use of AWS Config.
A tool for auditing and reporting Unix host security with the ability to perform a lockdown.
Static code analyzer for Infrastructure as Code with 500+ security policies and support for various IaC tools and cloud platforms.
Assess, audit, and evaluate configurations of AWS resources.
Comprehensive security training platform for web developers, offering hands-on experience with real, vulnerable applications and concrete advice for securing code.
A structured approach for conducting penetration tests with seven main sections covering all aspects of the test.
Detect off-instance key usage in AWS by analyzing CloudTrail files locally.
Scripts to quickly fix security and compliance issues
A customized AWS EKS setup for PCI-DSS, SOC2, and HIPAA compliance
A tool to analyze and audit AWS environments for security issues and misconfigurations.
A tool to capture all the git secrets by leveraging multiple open source git searching tools.
Altoro Mutual offers online banking, real estate financing, business credit cards, retirement solutions, and prioritizes privacy and security.
Collects and organizes Linux OS data for detailed analysis and incident response.
A system for reserving classrooms at the University of Pisa.
BeyondTrust Privileged Access Management (PAM) provides comprehensive security controls for privileged accounts and users.
A centralized platform for managing open source components and automating software supply chain security.
Open-source tool for analyzing AWS temporary tokens to detect malicious activity.
Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.
A community-driven GRC solution that is simple, affordable, and open-source.
A tool to conduct preliminary security checks in code, infrastructure, or IAM configurations using various open-source tools.
Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.
Track user activity and API usage on AWS and in hybrid and multicloud environments.
AWS Community repository of custom Config rules with instructions for leveraging and developing AWS Config Rules.
A free online tool that scans and fixes common security issues in WordPress websites.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
A comprehensive guide to securing Industrial Control Systems (ICS) from cyber threats, published by NIST.
Absolute Security provides a comprehensive cybersecurity platform that offers endpoint-to-network access coverage, automated security compliance, and secure endpoint and access solutions.
Receive important notifications and updates related to North American electric grid security.
Docker's Actuary automates security best-practices checks for Docker containers.
A full featured script to visualize statistics from a Shockpot honeypot, based on Kippo-Graph and utilizing various PHP libraries.
A comprehensive IT infrastructure automation platform for managing hybrid infrastructure through configuration, patch, and security management.
Kube-bench is a tool for checking Kubernetes security based on CIS Kubernetes Benchmark.
Lockdown Enterprise is a subscription service for Ansible Lockdown to automate security benchmark compliance.
A community website for API security news, vulnerabilities, and best practices
Open-source platform for IT and security teams with flexibility in feature usage and support for various platforms.
CloudTracker helps identify over-privileged IAM users and roles by analyzing CloudTrail logs.
Static code analysis tool for infrastructure as code (IaC) and software composition analysis (SCA) with over 1000 built-in policies for AWS, Azure, and Google Cloud.
An open-source artifact metadata API for managing metadata about software resources and governing the software supply chain.
Validate baseline cybersecurity skills with CompTIA Security+ certification.
