Compliance
Explore 139 curated tools and resources
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Free
Resources
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Commercial
Application Security
Check Point CloudGuard WAF
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
Commercial
Application Security
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
Commercial
Cloud Security
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Commercial
Application Security
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
LATEST ADDITIONS
An API security platform that combines discovery, compliance monitoring, and protection capabilities to defend against API attacks, automated threats, and data exposure.
A cloud-based DAST solution that discovers, inventories, and tests web applications and APIs for security vulnerabilities across diverse environments.
Network Intelligence is a cybersecurity services provider offering comprehensive security solutions through their ADVISE framework, including detection and response, compliance, data privacy, and secure digital transformation services across multiple industries.
DerScanner is a comprehensive application security testing platform that combines SAST, DAST, MAST, SCA, and Binary Analysis capabilities with support for on-premises deployment and CI/CD integration.
An endpoint data loss prevention solution that discovers, classifies, and protects sensitive data while controlling data transfer methods and mitigating insider threats.
A comprehensive cloud security platform that combines vulnerability management, compliance monitoring, and automated remediation capabilities through an agentless architecture to protect cloud infrastructure and applications.
A centralized vulnerability lifecycle management platform that tracks security issues from discovery to closure with real-time status updates.
An enterprise vulnerability and exposure risk management platform that consolidates, prioritizes, and orchestrates remediation of security vulnerabilities across infrastructure, applications, and cloud environments.
Pathlock is an identity security platform that provides compliance-focused governance, access management, and continuous controls monitoring across enterprise applications with particular emphasis on ERP systems.
An Application Security Posture Management platform that helps organizations integrate security throughout the software development lifecycle with a focus on vulnerability management and secure coding practices.
Egress Prevent is an email data loss prevention solution that helps organizations detect and prevent outbound email breaches caused by human error or malicious intent.
StrikeOne is a vulnerability management platform with AI capabilities that helps organizations identify, prioritize, and remediate security vulnerabilities through attack surface management, vulnerability management, and cybersecurity posture assessment.
A cloud and database asset intelligence platform that provides continuous monitoring, compliance management, and security posture assessment across hybrid cloud environments.
A data-driven OT risk management platform that uses digital twin technology and breach simulations to assess cybersecurity risks, optimize mitigation strategies, and ensure compliance with industry standards.
A platform that maps enterprise attack surfaces by consolidating asset inventory, prioritizing vulnerabilities based on exposure, and providing contextual visualization of security risks.
A cloud native application protection platform that provides security monitoring and protection across cloud, on-premises, and hybrid environments.
Kiteworks is a unified platform that secures, tracks, and controls sensitive content communications across email, file sharing, managed file transfer, and web forms to ensure regulatory compliance and data protection.
XRATOR is a cybersecurity platform that continuously identifies vulnerabilities, assesses business risks, and manages security posture to align with strategic objectives and compliance requirements.
A vulnerability and exposure management platform that unifies security tool data, automates workflows, and provides risk-based prioritization for enterprise vulnerability management programs.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
Airlock Secure Access Hub is an integrated security platform that combines identity and access management with web application and API protection to secure digital applications while maintaining user experience.
An integrated application security platform that combines software composition analysis, container scanning, and runtime security monitoring to identify and prioritize vulnerabilities based on actual usage and risk.
A cyber risk management platform that financially quantifies cyber risks and provides actionable mitigation strategies while integrating with insurance coverage.
An AI-powered application security platform that provides automated discovery, testing, and continuous monitoring of applications and APIs with minimal operational impact.
A Non-Human Identity Management platform that provides discovery, security, and lifecycle management for machine identities across hybrid cloud environments.
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
A data security and AI governance platform that provides unified control and management of data assets across hybrid cloud environments with focus on AI security and compliance.
Security design review automation tool that scans design documents and provides security requirements to development teams during the planning phase.
A platform that provides visibility and security monitoring of hardware, firmware, and software components in IT infrastructure to identify supply chain risks and vulnerabilities.
A data security platform that provides automated sensitive data discovery, access control, monitoring, and compliance capabilities for organizations managing data across multiple storage platforms.
Security awareness training platform that uses gamification to deliver short cybersecurity education modules to employees while tracking their progress and compliance.
A security platform that provides monitoring, control, and protection mechanisms for organizations using generative AI and large language models.
Unbound is a security platform that enables enterprises to control and protect the use of generative AI applications by employees while safeguarding sensitive information.
Uno.ai is an AI-powered GRC platform that automates various governance, risk, and compliance processes to enhance efficiency and risk management.
A-LIGN provides cybersecurity compliance audits and certifications, offering a range of services including SOC 2, ISO 27001, HITRUST, and FedRAMP, along with a technology platform for audit management.
Wald.ai is an AI security platform that provides enterprise access to multiple AI assistants while ensuring data protection and regulatory compliance.
SecTemplates offers free, comprehensive security program templates and resources for infosec professionals and startups lacking dedicated security teams.
Zania is an AI-driven platform that automates security and compliance tasks using autonomous agents for security inquiries, compliance assessments, and privacy regulation adherence.
Aqua Security is a CNAPP that provides comprehensive security for cloud native applications across their entire lifecycle, from development to production, in various cloud and container environments.
Cyera is a data security platform that discovers, classifies, and secures sensitive data across various environments, offering features such as DSPM, identity data access, and data privacy compliance.
ScubaGear assesses Microsoft 365 tenant configurations against CISA Secure Configuration Baselines, using PowerShell and Open Policy Agent to compare settings and generate compliance reports.
PII Crawler is a data scanning tool that identifies and locates Personally Identifiable Information in various file types and databases.
Provides AI-driven cybersecurity solutions including assessments, training, compliance services, and insurance audits to help organizations reduce risk and build a security-aware culture.
Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.
API Security is a comprehensive solution that provides continuous discovery, vulnerability assessment, threat detection, compliance monitoring, dynamic testing, and remediation capabilities to protect APIs against various threats and vulnerabilities.
Akamai Identity Cloud is a CIAM solution that manages customer identities, enhances user experiences, and ensures data protection and regulatory compliance for high-volume consumer brands.
Online IT Security and Privacy Awareness training courses to help companies meet compliance requirements and reduce cybersecurity risks.
ISO2HANDLE is a powerful software that provides a total solution for Q&R professionals, trusted by over 50,000 users and 750+ organizations worldwide.
ServiceNow Governance, Risk, and Compliance (GRC) is an integrated suite of products that enables organizations to build operational resilience, mitigate risks, and ensure compliance across the enterprise through a unified platform, data model, AI-powered insights, and automated workflows.
SAP GRC and cybersecurity solutions provide integrated capabilities for managing enterprise risk, compliance, international trade, cybersecurity, and identity and access governance, leveraging predictive analytics, real-time monitoring, and automation.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
A cloud-native SIEM platform that provides security analytics, intuitive workflow, and simplified incident response to help security teams defend against cyber threats.
Drata is a cloud-based platform that automates security and compliance processes, evidence collection, and audit preparation for various industry standards and regulations.
A tool for achieving and proving compliance with NIST 800-171 and CMMC cybersecurity requirements
Verity is a comprehensive compliance management tool that helps organizations manage their governance, risk, and compliance initiatives.
Anchore Enterprise is a platform that protects and secures software supply chains end-to-end.
A tool for discovering, analyzing, and remedying sensitive data
A next-generation file integrity monitoring and change detection system
A powerful tool that enables organizations to discover, manage, and secure privileged access, helping to reduce the risks associated with privileged accounts and activities.
VIDOC is an AI-powered security tool that automates code review, detects and fixes vulnerabilities, and monitors external security, ensuring the integrity of both human-written and AI-generated code in software development pipelines.
A GaaS platform that simplifies and streamlines compliance processes for MSPs, ensuring their policies are properly aligned, authorized, adopted, and assessed.
A tool for scanning and identifying potential security risks in GitHub organizations, users, and repositories.
A compliant audit log tool that provides a searchable, exportable record of read/write events.
InfoRisk Today is a key resource for news and insights on information risk management and cybersecurity education.
A GitHub App that monitors GitHub organizations or repositories for adherence to security best practices and detects policy violations.
CLI program for cybersecurity solution management with multiple functionalities and authentication methods.
A log management solution that optimizes SIEM performance, provides rapid search and troubleshooting, and meets compliance requirements.
A repository of pre-defined detections for security threats and abnormal behaviors in Falco.
An open-source security tool for AWS, Azure, Google Cloud, and Kubernetes security assessments and audits.
A module that enforces HTTPS connections and automatically redirects non-encrypted HTTP requests to HTTPS.
Bastille-Linux is a system hardening program that proactively configures the system for increased security and educates users about security settings.
Orchestration toolchain for scanning source code and infrastructure IaC against security risks.
AWS account compliance using centrally managed Config Rules
AWS Scout2 is a security tool for AWS administrators to assess their environment's security posture.
Tool for assessing compliance and running vulnerability scans on Docker images.
A technology-focused blog discussing innovations in painting and the importance of expert painters.
Guidelines for contributing to a cybersecurity tools and resources list
App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.
PacBot is a platform for continuous compliance monitoring, compliance reporting, and security automation for the cloud, with a plugin-based data ingestion architecture.
On-demand access to AWS and ISV compliance reports with time-saving benefits.
A summary of the threat modeling posts and final thoughts on the process
Microsoft BitLocker is a full volume encryption feature in Windows for protecting data on lost or stolen devices, with tools and resources for implementation.
Continually audit your AWS usage to simplify risk and compliance assessment.
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring.
An all-in-one email outreach platform for finding and connecting with professionals, with features for lead discovery, email verification, and cold email campaigns.
A Python script to check system compliance against CIS Benchmarks with customizable options.
Metadata repository with installation tools and cloud provider support.
Open-source project for detecting security risks in cloud infrastructure accounts with support for AWS, Azure, GCP, OCI, and GitHub.
Cybersecurity conference featuring talks on various hacking topics by industry experts.
A documentation template library for implementing industrial information security management systems.
An open source cloud security platform for discovering, prioritizing, and remediating risks in the cloud.
CSET is a free software tool for identifying vulnerabilities in enterprise and industrial control cyber systems.
CFRipper is a Library and CLI security analyzer for AWS CloudFormation templates.
Automatically compile AWS SCPs for compliant AWS services based on preferred frameworks.
A comprehensive guide for computer security incident handling, providing guidelines for establishing incident response capabilities and handling incidents efficiently and effectively.
A tool for monitoring and managing device compliance and security across multiple platforms
AWS Cloud Security offers security services and compliance tools for securing data and applications on AWS.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
Open source application to instantly remediate common security issues through the use of AWS Config.
A tool for auditing and reporting Unix host security with the ability to perform a lockdown.
Static code analyzer for Infrastructure as Code with 500+ security policies and support for various IaC tools and cloud platforms.
Assess, audit, and evaluate configurations of AWS resources.
Comprehensive security training platform for web developers, offering hands-on experience with real, vulnerable applications and concrete advice for securing code.
A structured approach for conducting penetration tests with seven main sections covering all aspects of the test.
Detect off-instance key usage in AWS by analyzing CloudTrail files locally.
Scripts to quickly fix security and compliance issues
A customized AWS EKS setup for PCI-DSS, SOC2, and HIPAA compliance
A tool to analyze and audit AWS environments for security issues and misconfigurations.
A tool to capture all the git secrets by leveraging multiple open source git searching tools.
Altoro Mutual offers online banking, real estate financing, business credit cards, retirement solutions, and prioritizes privacy and security.
Collects and organizes Linux OS data for detailed analysis and incident response.
A system for reserving classrooms at the University of Pisa.
BeyondTrust Privileged Access Management (PAM) provides comprehensive security controls for privileged accounts and users.
A centralized platform for managing open source components and automating software supply chain security.
Open-source tool for analyzing AWS temporary tokens to detect malicious activity.
Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.
A community-driven GRC solution that is simple, affordable, and open-source.
A tool to conduct preliminary security checks in code, infrastructure, or IAM configurations using various open-source tools.
Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.
Track user activity and API usage on AWS and in hybrid and multicloud environments.
AWS Community repository of custom Config rules with instructions for leveraging and developing AWS Config Rules.
A free online tool that scans and fixes common security issues in WordPress websites.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
A comprehensive guide to securing Industrial Control Systems (ICS) from cyber threats, published by NIST.
Absolute Security provides a comprehensive cybersecurity platform that offers endpoint-to-network access coverage, automated security compliance, and secure endpoint and access solutions.
Receive important notifications and updates related to North American electric grid security.
Docker's Actuary automates security best-practices checks for Docker containers.
A full featured script to visualize statistics from a Shockpot honeypot, based on Kippo-Graph and utilizing various PHP libraries.
A comprehensive IT infrastructure automation platform for managing hybrid infrastructure through configuration, patch, and security management.
Kube-bench is a tool for checking Kubernetes security based on CIS Kubernetes Benchmark.
Lockdown Enterprise is a subscription service for Ansible Lockdown to automate security benchmark compliance.
A community website for API security news, vulnerabilities, and best practices
Open-source platform for IT and security teams with flexibility in feature usage and support for various platforms.
CloudTracker helps identify over-privileged IAM users and roles by analyzing CloudTrail logs.
Static code analysis tool for infrastructure as code (IaC) and software composition analysis (SCA) with over 1000 built-in policies for AWS, Azure, and Google Cloud.
An open-source artifact metadata API for managing metadata about software resources and governing the software supply chain.
Validate baseline cybersecurity skills with CompTIA Security+ certification.