Through a series of levels, learn about common mistakes and gotchas when using Amazon Web Services (AWS). Everything is run out of a single AWS account, and all challenges are sub-domains of flaws.cloud. Contact scott@summitroute.com for feedback, security issues, or fan mail. Greetz to Andres Riancho, @CornflakeSavage, Ken Johnson, and Nicolas Gregoire for advice and ideas.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Python-based web server framework for setting up fake web servers and services with precise data responses.
WordPress plugin to reduce comment spam with a smarter honeypot.
Qwiet AI is an application security platform that combines SAST, SCA, container security, secrets detection, and SBOM scanning with AI-powered vulnerability prioritization and automated fix generation.
Aqua Security is a CNAPP that provides comprehensive security for cloud native applications across their entire lifecycle, from development to production, in various cloud and container environments.
A software supply chain security platform that analyzes binaries and software components to detect malware, vulnerabilities, exposed secrets, and tampering throughout the development lifecycle.
Firejail is a SUID sandbox program for restricting the running environment of untrusted applications on Linux.
An integrated application security platform that combines software composition analysis, container scanning, and runtime security monitoring to identify and prioritize vulnerabilities based on actual usage and risk.
StepSecurity is a platform that enhances GitHub Actions security by providing network egress control, risk discovery, action replacement, and security best practices orchestration.
FingerprintJS is a client-side browser fingerprinting library that provides a unique visitor identifier unaffected by incognito mode.
PINNED

Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.