Compliance
Explore 152 curated tools and resources
Search tools and resources by name, description, or purpose... (⌘+K)
PINNED
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native web application and API security solution that uses contextual AI to protect against known and zero-day threats without signature-based detection.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
LATEST ADDITIONS
An Application Security Posture Management platform that provides visibility, security controls, and automated workflows across the software development lifecycle from code to cloud.
An Application Security Posture Management platform that provides visibility, security controls, and automated workflows across the software development lifecycle from code to cloud.
An API security and governance platform that provides discovery, security testing, compliance monitoring and lifecycle management capabilities for enterprise API implementations.
An API security and governance platform that provides discovery, security testing, compliance monitoring and lifecycle management capabilities for enterprise API implementations.
A comprehensive application security platform that combines runtime protection, security testing, and monitoring capabilities across the entire application lifecycle.
A comprehensive application security platform that combines runtime protection, security testing, and monitoring capabilities across the entire application lifecycle.
A cloud-based identity and access management solution that provides access governance, compliance monitoring, and risk management for hybrid environments.
A cloud-based identity and access management solution that provides access governance, compliance monitoring, and risk management for hybrid environments.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.
A human risk management platform that identifies, assesses, and mitigates security risks associated with employee behavior through monitoring, targeted interventions, and comprehensive reporting.
A human risk management platform that identifies, assesses, and mitigates security risks associated with employee behavior through monitoring, targeted interventions, and comprehensive reporting.
AKATI Sekurity is a global cybersecurity consulting firm providing managed security services, governance and compliance, security consulting, and digital forensics and incident response across multiple industries.
AKATI Sekurity is a global cybersecurity consulting firm providing managed security services, governance and compliance, security consulting, and digital forensics and incident response across multiple industries.
ASPIA InfoTech offers a unified platform for enterprise security workflow automation with solutions spanning application security, vulnerability management, GRC, and security incident management.
ASPIA InfoTech offers a unified platform for enterprise security workflow automation with solutions spanning application security, vulnerability management, GRC, and security incident management.
A cloud-native security platform that provides asset inventory, vulnerability management, compliance monitoring, and security posture management across multiple cloud providers.
A cloud-native security platform that provides asset inventory, vulnerability management, compliance monitoring, and security posture management across multiple cloud providers.
An AI-powered data security governance platform that autonomously discovers, classifies, monitors, and protects sensitive information across cloud and on-premises environments.
An AI-powered data security governance platform that autonomously discovers, classifies, monitors, and protects sensitive information across cloud and on-premises environments.
Cytrusst is an integrated cybersecurity platform that combines GRC, attack surface management, cloud security posture management, and third-party risk management with support for multiple compliance frameworks.
Cytrusst is an integrated cybersecurity platform that combines GRC, attack surface management, cloud security posture management, and third-party risk management with support for multiple compliance frameworks.
A data security and governance platform that provides automated discovery, classification, and protection of sensitive data across cloud, on-premises, and hybrid environments.
A data security and governance platform that provides automated discovery, classification, and protection of sensitive data across cloud, on-premises, and hybrid environments.
A centralized application security posture management platform that integrates security tools, automates workflows, and provides visibility into application security risks.
A centralized application security posture management platform that integrates security tools, automates workflows, and provides visibility into application security risks.
An API security platform that combines discovery, compliance monitoring, and protection capabilities to defend against API attacks, automated threats, and data exposure.
An API security platform that combines discovery, compliance monitoring, and protection capabilities to defend against API attacks, automated threats, and data exposure.
A cloud-based DAST solution that discovers, inventories, and tests web applications and APIs for security vulnerabilities across diverse environments.
A cloud-based DAST solution that discovers, inventories, and tests web applications and APIs for security vulnerabilities across diverse environments.
Network Intelligence is a cybersecurity services provider offering comprehensive security solutions through their ADVISE framework, including detection and response, compliance, data privacy, and secure digital transformation services across multiple industries.
Network Intelligence is a cybersecurity services provider offering comprehensive security solutions through their ADVISE framework, including detection and response, compliance, data privacy, and secure digital transformation services across multiple industries.
DerScanner is a comprehensive application security testing platform that combines SAST, DAST, MAST, SCA, and Binary Analysis capabilities with support for on-premises deployment and CI/CD integration.
DerScanner is a comprehensive application security testing platform that combines SAST, DAST, MAST, SCA, and Binary Analysis capabilities with support for on-premises deployment and CI/CD integration.
An endpoint data loss prevention solution that discovers, classifies, and protects sensitive data while controlling data transfer methods and mitigating insider threats.
An endpoint data loss prevention solution that discovers, classifies, and protects sensitive data while controlling data transfer methods and mitigating insider threats.
A comprehensive cloud security platform that combines vulnerability management, compliance monitoring, and automated remediation capabilities through an agentless architecture to protect cloud infrastructure and applications.
A comprehensive cloud security platform that combines vulnerability management, compliance monitoring, and automated remediation capabilities through an agentless architecture to protect cloud infrastructure and applications.
A centralized vulnerability lifecycle management platform that tracks security issues from discovery to closure with real-time status updates.
A centralized vulnerability lifecycle management platform that tracks security issues from discovery to closure with real-time status updates.
An enterprise vulnerability and exposure risk management platform that consolidates, prioritizes, and orchestrates remediation of security vulnerabilities across infrastructure, applications, and cloud environments.
An enterprise vulnerability and exposure risk management platform that consolidates, prioritizes, and orchestrates remediation of security vulnerabilities across infrastructure, applications, and cloud environments.
Pathlock is an identity security platform that provides compliance-focused governance, access management, and continuous controls monitoring across enterprise applications with particular emphasis on ERP systems.
Pathlock is an identity security platform that provides compliance-focused governance, access management, and continuous controls monitoring across enterprise applications with particular emphasis on ERP systems.
An Application Security Posture Management platform that helps organizations integrate security throughout the software development lifecycle with a focus on vulnerability management and secure coding practices.
An Application Security Posture Management platform that helps organizations integrate security throughout the software development lifecycle with a focus on vulnerability management and secure coding practices.
Egress Prevent is an email data loss prevention solution that helps organizations detect and prevent outbound email breaches caused by human error or malicious intent.
Egress Prevent is an email data loss prevention solution that helps organizations detect and prevent outbound email breaches caused by human error or malicious intent.
StrikeOne is a vulnerability management platform with AI capabilities that helps organizations identify, prioritize, and remediate security vulnerabilities through attack surface management, vulnerability management, and cybersecurity posture assessment.
StrikeOne is a vulnerability management platform with AI capabilities that helps organizations identify, prioritize, and remediate security vulnerabilities through attack surface management, vulnerability management, and cybersecurity posture assessment.
A cloud and database asset intelligence platform that provides continuous monitoring, compliance management, and security posture assessment across hybrid cloud environments.
A cloud and database asset intelligence platform that provides continuous monitoring, compliance management, and security posture assessment across hybrid cloud environments.
A data-driven OT risk management platform that uses digital twin technology and breach simulations to assess cybersecurity risks, optimize mitigation strategies, and ensure compliance with industry standards.
A data-driven OT risk management platform that uses digital twin technology and breach simulations to assess cybersecurity risks, optimize mitigation strategies, and ensure compliance with industry standards.
A platform that maps enterprise attack surfaces by consolidating asset inventory, prioritizing vulnerabilities based on exposure, and providing contextual visualization of security risks.
A platform that maps enterprise attack surfaces by consolidating asset inventory, prioritizing vulnerabilities based on exposure, and providing contextual visualization of security risks.
A cloud native application protection platform that provides security monitoring and protection across cloud, on-premises, and hybrid environments.
A cloud native application protection platform that provides security monitoring and protection across cloud, on-premises, and hybrid environments.
Kiteworks is a unified platform that secures, tracks, and controls sensitive content communications across email, file sharing, managed file transfer, and web forms to ensure regulatory compliance and data protection.
Kiteworks is a unified platform that secures, tracks, and controls sensitive content communications across email, file sharing, managed file transfer, and web forms to ensure regulatory compliance and data protection.
XRATOR is a cybersecurity platform that continuously identifies vulnerabilities, assesses business risks, and manages security posture to align with strategic objectives and compliance requirements.
XRATOR is a cybersecurity platform that continuously identifies vulnerabilities, assesses business risks, and manages security posture to align with strategic objectives and compliance requirements.
A vulnerability and exposure management platform that unifies security tool data, automates workflows, and provides risk-based prioritization for enterprise vulnerability management programs.
A vulnerability and exposure management platform that unifies security tool data, automates workflows, and provides risk-based prioritization for enterprise vulnerability management programs.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
Airlock Secure Access Hub is an integrated security platform that combines identity and access management with web application and API protection to secure digital applications while maintaining user experience.
Airlock Secure Access Hub is an integrated security platform that combines identity and access management with web application and API protection to secure digital applications while maintaining user experience.
An integrated application security platform that combines software composition analysis, container scanning, and runtime security monitoring to identify and prioritize vulnerabilities based on actual usage and risk.
An integrated application security platform that combines software composition analysis, container scanning, and runtime security monitoring to identify and prioritize vulnerabilities based on actual usage and risk.
A cyber risk management platform that financially quantifies cyber risks and provides actionable mitigation strategies while integrating with insurance coverage.
A cyber risk management platform that financially quantifies cyber risks and provides actionable mitigation strategies while integrating with insurance coverage.
An AI-powered application security platform that provides automated discovery, testing, and continuous monitoring of applications and APIs with minimal operational impact.
An AI-powered application security platform that provides automated discovery, testing, and continuous monitoring of applications and APIs with minimal operational impact.
A Non-Human Identity Management platform that provides discovery, security, and lifecycle management for machine identities across hybrid cloud environments.
A Non-Human Identity Management platform that provides discovery, security, and lifecycle management for machine identities across hybrid cloud environments.
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
A data security and AI governance platform that provides unified control and management of data assets across hybrid cloud environments with focus on AI security and compliance.
A data security and AI governance platform that provides unified control and management of data assets across hybrid cloud environments with focus on AI security and compliance.
Security design review automation tool that scans design documents and provides security requirements to development teams during the planning phase.
Security design review automation tool that scans design documents and provides security requirements to development teams during the planning phase.
A platform that provides visibility and security monitoring of hardware, firmware, and software components in IT infrastructure to identify supply chain risks and vulnerabilities.
A platform that provides visibility and security monitoring of hardware, firmware, and software components in IT infrastructure to identify supply chain risks and vulnerabilities.
A data security platform that provides automated sensitive data discovery, access control, monitoring, and compliance capabilities for organizations managing data across multiple storage platforms.
A data security platform that provides automated sensitive data discovery, access control, monitoring, and compliance capabilities for organizations managing data across multiple storage platforms.
Security awareness training platform that uses gamification to deliver short cybersecurity education modules to employees while tracking their progress and compliance.
Security awareness training platform that uses gamification to deliver short cybersecurity education modules to employees while tracking their progress and compliance.
A security platform that provides monitoring, control, and protection mechanisms for organizations using generative AI and large language models.
A security platform that provides monitoring, control, and protection mechanisms for organizations using generative AI and large language models.
Unbound is a security platform that enables enterprises to control and protect the use of generative AI applications by employees while safeguarding sensitive information.
Unbound is a security platform that enables enterprises to control and protect the use of generative AI applications by employees while safeguarding sensitive information.
Uno.ai is an AI-powered GRC platform that automates various governance, risk, and compliance processes to enhance efficiency and risk management.
Uno.ai is an AI-powered GRC platform that automates various governance, risk, and compliance processes to enhance efficiency and risk management.
A-LIGN provides cybersecurity compliance audits and certifications, offering a range of services including SOC 2, ISO 27001, HITRUST, and FedRAMP, along with a technology platform for audit management.
A-LIGN provides cybersecurity compliance audits and certifications, offering a range of services including SOC 2, ISO 27001, HITRUST, and FedRAMP, along with a technology platform for audit management.
Wald.ai is an AI security platform that provides enterprise access to multiple AI assistants while ensuring data protection and regulatory compliance.
Wald.ai is an AI security platform that provides enterprise access to multiple AI assistants while ensuring data protection and regulatory compliance.
SecTemplates offers free, comprehensive security program templates and resources for infosec professionals and startups lacking dedicated security teams.
SecTemplates offers free, comprehensive security program templates and resources for infosec professionals and startups lacking dedicated security teams.
Zania is an AI-driven platform that automates security and compliance tasks using autonomous agents for security inquiries, compliance assessments, and privacy regulation adherence.
Zania is an AI-driven platform that automates security and compliance tasks using autonomous agents for security inquiries, compliance assessments, and privacy regulation adherence.
Aqua Security is a CNAPP that provides comprehensive security for cloud native applications across their entire lifecycle, from development to production, in various cloud and container environments.
Aqua Security is a CNAPP that provides comprehensive security for cloud native applications across their entire lifecycle, from development to production, in various cloud and container environments.
Cyera is a data security platform that discovers, classifies, and secures sensitive data across various environments, offering features such as DSPM, identity data access, and data privacy compliance.
Cyera is a data security platform that discovers, classifies, and secures sensitive data across various environments, offering features such as DSPM, identity data access, and data privacy compliance.
ScubaGear assesses Microsoft 365 tenant configurations against CISA Secure Configuration Baselines, using PowerShell and Open Policy Agent to compare settings and generate compliance reports.
ScubaGear assesses Microsoft 365 tenant configurations against CISA Secure Configuration Baselines, using PowerShell and Open Policy Agent to compare settings and generate compliance reports.
PII Crawler is a data scanning tool that identifies and locates Personally Identifiable Information in various file types and databases.
PII Crawler is a data scanning tool that identifies and locates Personally Identifiable Information in various file types and databases.
Provides AI-driven cybersecurity solutions including assessments, training, compliance services, and insurance audits to help organizations reduce risk and build a security-aware culture.
Provides AI-driven cybersecurity solutions including assessments, training, compliance services, and insurance audits to help organizations reduce risk and build a security-aware culture.
Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.
Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.
API Security is a comprehensive solution that provides continuous discovery, vulnerability assessment, threat detection, compliance monitoring, dynamic testing, and remediation capabilities to protect APIs against various threats and vulnerabilities.
API Security is a comprehensive solution that provides continuous discovery, vulnerability assessment, threat detection, compliance monitoring, dynamic testing, and remediation capabilities to protect APIs against various threats and vulnerabilities.
Akamai Identity Cloud is a CIAM solution that manages customer identities, enhances user experiences, and ensures data protection and regulatory compliance for high-volume consumer brands.
Akamai Identity Cloud is a CIAM solution that manages customer identities, enhances user experiences, and ensures data protection and regulatory compliance for high-volume consumer brands.
Online IT Security and Privacy Awareness training courses to help companies meet compliance requirements and reduce cybersecurity risks.
Online IT Security and Privacy Awareness training courses to help companies meet compliance requirements and reduce cybersecurity risks.
ISO2HANDLE is a powerful software that provides a total solution for Q&R professionals, trusted by over 50,000 users and 750+ organizations worldwide.
ISO2HANDLE is a powerful software that provides a total solution for Q&R professionals, trusted by over 50,000 users and 750+ organizations worldwide.
ServiceNow Governance, Risk, and Compliance (GRC) is an integrated suite of products that enables organizations to build operational resilience, mitigate risks, and ensure compliance across the enterprise through a unified platform, data model, AI-powered insights, and automated workflows.
ServiceNow Governance, Risk, and Compliance (GRC) is an integrated suite of products that enables organizations to build operational resilience, mitigate risks, and ensure compliance across the enterprise through a unified platform, data model, AI-powered insights, and automated workflows.
SAP GRC and cybersecurity solutions provide integrated capabilities for managing enterprise risk, compliance, international trade, cybersecurity, and identity and access governance, leveraging predictive analytics, real-time monitoring, and automation.
SAP GRC and cybersecurity solutions provide integrated capabilities for managing enterprise risk, compliance, international trade, cybersecurity, and identity and access governance, leveraging predictive analytics, real-time monitoring, and automation.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
A cloud-native SIEM platform that provides security analytics, intuitive workflow, and simplified incident response to help security teams defend against cyber threats.
A cloud-native SIEM platform that provides security analytics, intuitive workflow, and simplified incident response to help security teams defend against cyber threats.
Drata is a cloud-based platform that automates security and compliance processes, evidence collection, and audit preparation for various industry standards and regulations.
Drata is a cloud-based platform that automates security and compliance processes, evidence collection, and audit preparation for various industry standards and regulations.
A tool for achieving and proving compliance with NIST 800-171 and CMMC cybersecurity requirements
A tool for achieving and proving compliance with NIST 800-171 and CMMC cybersecurity requirements
Verity is a comprehensive compliance management tool that helps organizations manage their governance, risk, and compliance initiatives.
Verity is a comprehensive compliance management tool that helps organizations manage their governance, risk, and compliance initiatives.
Anchore Enterprise is a platform that protects and secures software supply chains end-to-end.
Anchore Enterprise is a platform that protects and secures software supply chains end-to-end.
A tool for discovering, analyzing, and remedying sensitive data
A tool for discovering, analyzing, and remedying sensitive data
A next-generation file integrity monitoring and change detection system
A next-generation file integrity monitoring and change detection system
A powerful tool that enables organizations to discover, manage, and secure privileged access, helping to reduce the risks associated with privileged accounts and activities.
A powerful tool that enables organizations to discover, manage, and secure privileged access, helping to reduce the risks associated with privileged accounts and activities.
VIDOC is an AI-powered security tool that automates code review, detects and fixes vulnerabilities, and monitors external security, ensuring the integrity of both human-written and AI-generated code in software development pipelines.
VIDOC is an AI-powered security tool that automates code review, detects and fixes vulnerabilities, and monitors external security, ensuring the integrity of both human-written and AI-generated code in software development pipelines.
A GaaS platform that simplifies and streamlines compliance processes for MSPs, ensuring their policies are properly aligned, authorized, adopted, and assessed.
A GaaS platform that simplifies and streamlines compliance processes for MSPs, ensuring their policies are properly aligned, authorized, adopted, and assessed.
Monitors GitHub for leaked secrets
A tool for testing AWS S3 bucket permissions and security
A tool for scanning and identifying potential security risks in GitHub organizations, users, and repositories.
A tool for scanning and identifying potential security risks in GitHub organizations, users, and repositories.
A compliant audit log tool that provides a searchable, exportable record of read/write events.
A compliant audit log tool that provides a searchable, exportable record of read/write events.
InfoRisk Today is a key resource for news and insights on information risk management and cybersecurity education.
InfoRisk Today is a key resource for news and insights on information risk management and cybersecurity education.
A GitHub App that monitors GitHub organizations or repositories for adherence to security best practices and detects policy violations.
A GitHub App that monitors GitHub organizations or repositories for adherence to security best practices and detects policy violations.
CLI program for cybersecurity solution management with multiple functionalities and authentication methods.
CLI program for cybersecurity solution management with multiple functionalities and authentication methods.
A log management solution that optimizes SIEM performance, provides rapid search and troubleshooting, and meets compliance requirements.
A log management solution that optimizes SIEM performance, provides rapid search and troubleshooting, and meets compliance requirements.
A repository of pre-defined detections for security threats and abnormal behaviors in Falco.
A repository of pre-defined detections for security threats and abnormal behaviors in Falco.
An open-source security tool for AWS, Azure, Google Cloud, and Kubernetes security assessments and audits.
A module that enforces HTTPS connections and automatically redirects non-encrypted HTTP requests to HTTPS.
A module that enforces HTTPS connections and automatically redirects non-encrypted HTTP requests to HTTPS.
Bastille-Linux is a system hardening program that proactively configures the system for increased security and educates users about security settings.
Bastille-Linux is a system hardening program that proactively configures the system for increased security and educates users about security settings.
Orchestration toolchain for scanning source code and infrastructure IaC against security risks.
Orchestration toolchain for scanning source code and infrastructure IaC against security risks.
AWS account compliance using centrally managed Config Rules
AWS Scout2 is a security tool for AWS administrators to assess their environment's security posture.
AWS Scout2 is a security tool for AWS administrators to assess their environment's security posture.
Tool for assessing compliance and running vulnerability scans on Docker images.
Tool for assessing compliance and running vulnerability scans on Docker images.
A technology-focused blog discussing innovations in painting and the importance of expert painters.
A technology-focused blog discussing innovations in painting and the importance of expert painters.
Guidelines for contributing to a cybersecurity tools and resources list
Guidelines for contributing to a cybersecurity tools and resources list
App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.
App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.
PacBot is a platform for continuous compliance monitoring, compliance reporting, and security automation for the cloud, with a plugin-based data ingestion architecture.
PacBot is a platform for continuous compliance monitoring, compliance reporting, and security automation for the cloud, with a plugin-based data ingestion architecture.
On-demand access to AWS and ISV compliance reports with time-saving benefits.
A summary of the threat modeling posts and final thoughts on the process
A summary of the threat modeling posts and final thoughts on the process
Microsoft BitLocker is a full volume encryption feature in Windows for protecting data on lost or stolen devices, with tools and resources for implementation.
Microsoft BitLocker is a full volume encryption feature in Windows for protecting data on lost or stolen devices, with tools and resources for implementation.
Continually audit your AWS usage to simplify risk and compliance assessment.
Continually audit your AWS usage to simplify risk and compliance assessment.
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring.
ElectricEye is a multi-cloud, multi-SaaS Python CLI tool for Asset Management, Security Posture Management & Attack Surface Monitoring.
An all-in-one email outreach platform for finding and connecting with professionals, with features for lead discovery, email verification, and cold email campaigns.
An all-in-one email outreach platform for finding and connecting with professionals, with features for lead discovery, email verification, and cold email campaigns.
A Python script to check system compliance against CIS Benchmarks with customizable options.
A Python script to check system compliance against CIS Benchmarks with customizable options.
Metadata repository with installation tools and cloud provider support.
Open-source project for detecting security risks in cloud infrastructure accounts with support for AWS, Azure, GCP, OCI, and GitHub.
Open-source project for detecting security risks in cloud infrastructure accounts with support for AWS, Azure, GCP, OCI, and GitHub.
Cybersecurity conference featuring talks on various hacking topics by industry experts.
Cybersecurity conference featuring talks on various hacking topics by industry experts.
A documentation template library for implementing industrial information security management systems.
A documentation template library for implementing industrial information security management systems.
An open source cloud security platform for discovering, prioritizing, and remediating risks in the cloud.
An open source cloud security platform for discovering, prioritizing, and remediating risks in the cloud.
CSET is a free software tool for identifying vulnerabilities in enterprise and industrial control cyber systems.
CSET is a free software tool for identifying vulnerabilities in enterprise and industrial control cyber systems.
CFRipper is a Library and CLI security analyzer for AWS CloudFormation templates.
CFRipper is a Library and CLI security analyzer for AWS CloudFormation templates.
Automatically compile AWS SCPs for compliant AWS services based on preferred frameworks.
Automatically compile AWS SCPs for compliant AWS services based on preferred frameworks.
A comprehensive guide for computer security incident handling, providing guidelines for establishing incident response capabilities and handling incidents efficiently and effectively.
A comprehensive guide for computer security incident handling, providing guidelines for establishing incident response capabilities and handling incidents efficiently and effectively.
A tool for monitoring and managing device compliance and security across multiple platforms
A tool for monitoring and managing device compliance and security across multiple platforms
AWS Cloud Security offers security services and compliance tools for securing data and applications on AWS.
AWS Cloud Security offers security services and compliance tools for securing data and applications on AWS.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
A comprehensive toolkit for web application security testing, offering a range of products and solutions for identifying vulnerabilities and improving security posture.
Open source application to instantly remediate common security issues through the use of AWS Config.
Open source application to instantly remediate common security issues through the use of AWS Config.
A tool for auditing and reporting Unix host security with the ability to perform a lockdown.
A tool for auditing and reporting Unix host security with the ability to perform a lockdown.
Static code analyzer for Infrastructure as Code with 500+ security policies and support for various IaC tools and cloud platforms.
Assess, audit, and evaluate configurations of AWS resources.
Comprehensive security training platform for web developers, offering hands-on experience with real, vulnerable applications and concrete advice for securing code.
A structured approach for conducting penetration tests with seven main sections covering all aspects of the test.
A structured approach for conducting penetration tests with seven main sections covering all aspects of the test.
Detect off-instance key usage in AWS by analyzing CloudTrail files locally.
Detect off-instance key usage in AWS by analyzing CloudTrail files locally.
Scripts to quickly fix security and compliance issues
A customized AWS EKS setup for PCI-DSS, SOC2, and HIPAA compliance
A customized AWS EKS setup for PCI-DSS, SOC2, and HIPAA compliance
A tool to analyze and audit AWS environments for security issues and misconfigurations.
A tool to analyze and audit AWS environments for security issues and misconfigurations.
A tool to capture all the git secrets by leveraging multiple open source git searching tools.
A tool to capture all the git secrets by leveraging multiple open source git searching tools.
Altoro Mutual offers online banking, real estate financing, business credit cards, retirement solutions, and prioritizes privacy and security.
Altoro Mutual offers online banking, real estate financing, business credit cards, retirement solutions, and prioritizes privacy and security.
Collects and organizes Linux OS data for detailed analysis and incident response.
Collects and organizes Linux OS data for detailed analysis and incident response.
A system for reserving classrooms at the University of Pisa.
A system for reserving classrooms at the University of Pisa.
BeyondTrust Privileged Access Management (PAM) provides comprehensive security controls for privileged accounts and users.
BeyondTrust Privileged Access Management (PAM) provides comprehensive security controls for privileged accounts and users.
A centralized platform for managing open source components and automating software supply chain security.
A centralized platform for managing open source components and automating software supply chain security.
Open-source tool for analyzing AWS temporary tokens to detect malicious activity.
Open-source tool for analyzing AWS temporary tokens to detect malicious activity.
Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.
Nessus efficiently scans for system vulnerabilities, misconfigurations, and compliance issues.
A community-driven GRC solution that is simple, affordable, and open-source.
A tool to conduct preliminary security checks in code, infrastructure, or IAM configurations using various open-source tools.
A tool to conduct preliminary security checks in code, infrastructure, or IAM configurations using various open-source tools.
Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.
Advanced vulnerability assessment tool for gaining visibility and preventing cyber attacks.
Track user activity and API usage on AWS and in hybrid and multicloud environments.
Track user activity and API usage on AWS and in hybrid and multicloud environments.
AWS Community repository of custom Config rules with instructions for leveraging and developing AWS Config Rules.
AWS Community repository of custom Config rules with instructions for leveraging and developing AWS Config Rules.
A free online tool that scans and fixes common security issues in WordPress websites.
A free online tool that scans and fixes common security issues in WordPress websites.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
ThreatLocker is an enterprise cybersecurity platform that provides comprehensive endpoint protection and zero-trust security to prevent ransomware, viruses, and other malicious software from running on endpoints.
A comprehensive guide to securing Industrial Control Systems (ICS) from cyber threats, published by NIST.
A comprehensive guide to securing Industrial Control Systems (ICS) from cyber threats, published by NIST.
Absolute Security provides a comprehensive cybersecurity platform that offers endpoint-to-network access coverage, automated security compliance, and secure endpoint and access solutions.
Absolute Security provides a comprehensive cybersecurity platform that offers endpoint-to-network access coverage, automated security compliance, and secure endpoint and access solutions.
Receive important notifications and updates related to North American electric grid security.
Receive important notifications and updates related to North American electric grid security.
Docker's Actuary automates security best-practices checks for Docker containers.
Docker's Actuary automates security best-practices checks for Docker containers.
A full featured script to visualize statistics from a Shockpot honeypot, based on Kippo-Graph and utilizing various PHP libraries.
A full featured script to visualize statistics from a Shockpot honeypot, based on Kippo-Graph and utilizing various PHP libraries.
A comprehensive IT infrastructure automation platform for managing hybrid infrastructure through configuration, patch, and security management.
A comprehensive IT infrastructure automation platform for managing hybrid infrastructure through configuration, patch, and security management.
Kube-bench is a tool for checking Kubernetes security based on CIS Kubernetes Benchmark.
Kube-bench is a tool for checking Kubernetes security based on CIS Kubernetes Benchmark.
Lockdown Enterprise is a subscription service for Ansible Lockdown to automate security benchmark compliance.
Lockdown Enterprise is a subscription service for Ansible Lockdown to automate security benchmark compliance.
A community website for API security news, vulnerabilities, and best practices
A community website for API security news, vulnerabilities, and best practices
Open-source platform for IT and security teams with flexibility in feature usage and support for various platforms.
Open-source platform for IT and security teams with flexibility in feature usage and support for various platforms.
CloudTracker helps identify over-privileged IAM users and roles by analyzing CloudTrail logs.
CloudTracker helps identify over-privileged IAM users and roles by analyzing CloudTrail logs.
Static code analysis tool for infrastructure as code (IaC) and software composition analysis (SCA) with over 1000 built-in policies for AWS, Azure, and Google Cloud.
Static code analysis tool for infrastructure as code (IaC) and software composition analysis (SCA) with over 1000 built-in policies for AWS, Azure, and Google Cloud.
An open-source artifact metadata API for managing metadata about software resources and governing the software supply chain.
An open-source artifact metadata API for managing metadata about software resources and governing the software supply chain.
Validate baseline cybersecurity skills with CompTIA Security+ certification.
Validate baseline cybersecurity skills with CompTIA Security+ certification.
