KICS
Keeping Infrastructure as Code Secure KICS stands for Keeping Infrastructure as Code Secure, it is open source and is a must-have for any cloud native project. Getting Started Setting up and using KICS is super-easy. First, see how to install and get KICS running. Then explore KICS output results format and quickly fix the issues detected. Interested in more advanced stuff? Deep dive into KICS queries. Understand how to integrate KICS in your favourite CI/CD pipelines. See KICS documentation for more details and topics. How it Works What makes KICS really powerful and popular is its built-in extensibility. This extensibility is achieved by: Fully customizable and adjustable heuristics rules, called queries. These can be easily edited, extended and added. Robust but yet simple architecture, which allows quick addition of support for new Infrastructure as Code solutions. Community You're welcome to
FEATURES
ALTERNATIVES
A community website for API security news, vulnerabilities, and best practices
CSET is a free software tool for identifying vulnerabilities in enterprise and industrial control cyber systems.
A tool that showcases the attack surface of a given Android device, highlighting potential vulnerabilities and security risks.
A BloodHoundAD Report Engine for Security Teams to identify Active Directory security vulnerabilities and harden common configuration vulnerabilities and oversights.
A hosted web application security testing tool that enables security researchers to register, activate their accounts, and scan web applications for vulnerabilities.
A categorized collection of bug bounty write-ups for various vulnerabilities.
A series of small test cases designed to exercise different parts of a static security analyzer
A tool for scanning Adobe Experience Manager instances for potential security vulnerabilities
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Kriptos
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.