mirror of
https://github.com/jassics/awesome-aws-security.git
synced 2024-10-01 00:55:40 -04:00
Updated README with the contents
This commit is contained in:
parent
a9ae5de49a
commit
23ebb6b9d9
@ -1,13 +1,14 @@
|
||||
# Contribution Guidelines
|
||||
|
||||
Together we can make it a better repo for all cybsecurity related important
|
||||
Together we can make it a better repo for AWS Security related important
|
||||
references. So, please keep contributing hackers!
|
||||
|
||||
Please ensure your pull request follow to the below guidelines:
|
||||
|
||||
**Please ensure your pull request follow to the below guidelines:**
|
||||
- Please make sure your suggestion is not duplicate.
|
||||
- Do a pull request for suggestion by providing a Link and Description.
|
||||
- Feel free to suggeset new categories and/or improvements to the existing one.
|
||||
- Add your contents at the end of the list under appropriate headings.
|
||||
- Contents will be added on first come first serve basis.
|
||||
- Feel free to suggest new categories and/or improvements to the existing one.
|
||||
- Feel free to share and comment
|
||||
|
||||
Appreciate your contributions and thank you for the suggestions!
|
||||
*Appreciate your contributions and thank you for the suggestions!*
|
||||
|
71
README.md
71
README.md
@ -5,22 +5,77 @@ Paid), Exploit, CTFs, Hacking Practices etc. which are obviously related to AWS
|
||||
_List inspired by the [awesome](https://github.com/sindresorhus/awesome) list thing._
|
||||
|
||||
## Books
|
||||
1. Hands-On AWS Penetration Testing with Kali Linux by PackT
|
||||
2. Mastering AWS Security by PackT
|
||||
3. Security Best Practices on AWS by PackT
|
||||
4. Cloud Security Automation
|
||||
5. AWS Automation Cookbook
|
||||
|
||||
## AWS Whitepapers
|
||||
1. [AWS Security Best Practices](http://d0.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf)
|
||||
2. [AWS Security Pillar](https://d1.awsstatic.com/whitepapers/architecture/AWS-Security-Pillar.pdf)
|
||||
3. [AWS Overview of Security Processes](https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf)
|
||||
4. [NIST Cybersecurity Framework](https://d0.awsstatic.com/whitepapers/compliance/NIST_Cybersecurity_Framework_CSF.pdf)
|
||||
5. [AWS Risk And Compliance](https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf)
|
||||
6. [AWS Auditing Security Checklist](https://d0.awsstatic.com/whitepapers/compliance/AWS_Risk_and_Compliance_Whitepaper.pdf)
|
||||
7. [AWS HIPAA Compliance Whitepaper](https://d0.awsstatic.com/whitepapers/compliance/AWS_HIPAA_Compliance_Whitepaper.pdf)
|
||||
|
||||
## Videos
|
||||
1. [AWS Security by Design](https://www.youtube.com/watch?v=I1SwoKxB13c) - Youtube
|
||||
2. [Account Security with IAM](https://www.youtube.com/watch?v=9CKsX6MOPDQ) - Youtube
|
||||
3. [AWS re:Inforce 2019 Security Best Practices](https://www.youtube.com/watch?v=u6BCVkXkPnM) - Youtube
|
||||
4. [AWS Cloud Security Playlist](https://www.youtube.com/watch?v=N4DdqAkeqD4&list=PLxzKY3wu0_FL4VDfuCohtikXTQNTvKQVX) - Youtube
|
||||
|
||||
## Online Tutorials/Blogs
|
||||
## Online Tutorials/Blogs/Presentations
|
||||
1. [AWS Security official blog](https://aws.amazon.com/blogs/security/)
|
||||
2. [AWS in Plain English](https://expeditedsecurity.com/aws-in-plain-english/)
|
||||
3. [Why the CIA trusts AWS](https://mediatemple.net/blog/tips/aws-building-blocks/)
|
||||
4. [Fundamentals of AWS Security](https://www.slideshare.net/AmazonWebServices/fundamentals-of-aws-security) - Presentation from AWS
|
||||
5. [Introduction to AWS Security](https://www.slideshare.net/AmazonWebServices/introduction-to-aws-security-131234529) - Presentation from AWS
|
||||
|
||||
## Online Courses (Paid/Free)
|
||||
|
||||
## Podcasts
|
||||
|
||||
## Conferences
|
||||
|
||||
## Slideshare
|
||||
1. [AWS Fundamentals: Address Security Risks](https://www.coursera.org/learn/aws-fundamentals-addressing-security-risk) - Coursera
|
||||
2. [Cloud Computing Security](https://www.coursera.org/learn/cloud-computing-security) - Coursera
|
||||
3. [AWS: Getting started with Cloud Security](https://www.edx.org/course/aws-getting-started-with-cloud-security) - EdX
|
||||
4. [AWS Certified Security Specialty](https://www.udemy.com/course/aws-certified-security-specialty/) - Udemy by Zeal Vora
|
||||
5. [AWS Certified Security Specialty](https://acloud.guru/learn/aws-certified-security-specialty) - From Acloud.guru
|
||||
6. [AWS Advanced Security](https://www.udemy.com/course/aws-advanced-security/) - Udemy
|
||||
7. [AWS for Architects: Advanced Security](https://www.linkedin.com/learning/aws-for-architects-advanced-security/) - Linkedin Learn by Lynn Langit
|
||||
8. [Practical Event Driven Security with AWS](https://acloud.guru/learn/practical-event-driven-security-with-aws) - Acloud.guru
|
||||
9. [Learning Path for AWS Security](https://learn.acloud.guru/learning-path/aws-security) - Nicely designed the learning path who wants to be an AWS Security Experts from Acloud.guru
|
||||
10. [Cloud Hacking course](https://www.notsosecure.com/hacking-training/cloud-hacking/) - From NotSoSercure
|
||||
|
||||
## Tools of Trade
|
||||
1. [AWS Security Products](https://aws.amazon.com/products/security/)
|
||||
2. [Arsenal of AWS Security Tools](https://github.com/toniblyx/my-arsenal-of-aws-security-tools) - Collection of all security category tools and products
|
||||
3. [AWS Security Automation](https://github.com/awslabs/aws-security-automation) - Collection of scripts and resources for DevSecOps and Automated Incident Response Security
|
||||
4. [Security Monkey](https://github.com/Netflix/security_monkey) - Monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
|
||||
5. [truffleHog](https://github.com/dxa4481/truffleHog) - Searches through git repositories for high entropy strings and secrets, digging deep into commit history
|
||||
6. [gitleaks](https://github.com/zricethezav/gitleaks) - Audit git repos for secrets
|
||||
7. [AWS Security Benchmark](https://github.com/awslabs/aws-security-benchmark) - Open source demos, concept and guidance related to the AWS CIS Foundation framework.
|
||||
8. [S3 Inspector](https://github.com/kromtech/s3-inspector) - Tool to check AWS S3 bucket permissions
|
||||
9. [ScoutSuite](https://github.com/nccgroup/ScoutSuite) - Multi-Cloud Security Auditing Tool
|
||||
10. [Prowler](https://github.com/toniblyx/prowler) - AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool.
|
||||
11. [AWS Vault](https://github.com/99designs/aws-vault) - A vault for securely storing and accessing AWS credentials in development environments
|
||||
12. [AWS PWN](https://github.com/dagrz/aws_pwn) - A collection of AWS penetration testing junk
|
||||
13. [Pacu](https://github.com/RhinoSecurityLabs/pacu) - AWS Penetration Testing Toolkits
|
||||
14. [Zeus](https://github.com/DenizParlak/Zeus) - AWS Auditing and Hardening tool
|
||||
15. [Cloud Mapper](https://github.com/duo-labs/cloudmapper) - Analyze your AWS environments (Python)
|
||||
|
||||
## Online Security Practice and CTFs
|
||||
## Security Practice and CTFs
|
||||
1. [AWS Well Architected Security Labs](https://wellarchitectedlabs.com/Security/README.html)
|
||||
2. [Flaws to learn common mistakes in AWS through challenge](http://flaws.cloud/)
|
||||
3. [Flaws2 focuses on AWS security concepts through various challenge levels](http://flaws2.cloud/)
|
||||
4. [CloudGoat](https://github.com/RhinoSecurityLabs/cloudgoat) - Vulnerable by Design AWS infrastructure setup tool
|
||||
5. [OWASP ServerlessGoat](https://github.com/OWASP/Serverless-Goat) - OWASP ServerlessGoat is a deliberately insecure realistic AWS Lambda serverless application maintained by OWASP for educational purposes.
|
||||
|
||||
## AWS Security Breaches
|
||||
1. [AWS Security breaches - 2017](https://www.sumologic.com/blog/aws-security-breaches-2017/)
|
||||
2. [200 million voters data leak](https://www.skyhighnetworks.com/cloud-security-blog/latest-voter-data-leak-is-a-lesson-in-aws-security/) - A lesson in AWS Security
|
||||
3. [Imperva blames data breach on Stolen AWS API keys](https://www.zdnet.com/article/imperva-blames-data-breach-on-stolen-aws-api-key/)
|
||||
4. [Tesla's Amazon cloud account was hacked and used to mine cryptocurrency](https://www.businessinsider.in/finance/teslas-amazon-cloud-account-was-hacked-and-used-to-mine-cryptocurrency/articleshow/63003345.cms)
|
||||
5. [10 worst Amazon S3 breaches](https://businessinsights.bitdefender.com/worst-amazon-breaches)
|
||||
6. [Lion Air the Latest to Get Tripped Up by Misconfigured AWS S3](https://www.darkreading.com/attacks-breaches/lion-air-the-latest-to-get-tripped-up-by-misconfigured-aws-s3-/d/d-id/1335864)
|
||||
|
||||
## Contributors
|
||||
[Please refer the guidelines at contribute.md for details](Contribute.md).
|
||||
|
Loading…
Reference in New Issue
Block a user