awesome-cloud-security/README.md

181 lines
10 KiB
Markdown
Raw Normal View History

2017-05-28 19:49:36 -04:00
# Awesome Cloud Security [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)
2017-05-29 07:53:05 -04:00
> Cloud Security blogs, podcasts, standards, projects, and examples.
2017-05-28 19:49:36 -04:00
## Contents
2021-07-16 17:43:17 -04:00
* [Public Cloud Governance](#public-cloud-governance)
* [AWS Governance](#aws-governance)
2021-05-29 13:45:59 -04:00
* [Containers](#containers)
2021-06-03 12:39:59 -04:00
* [Docker Images](#docker-images)
* [Kubernetes Operators](#kubernetes-operators)
2021-07-16 17:50:12 -04:00
* [Container Tools](#container-tools)
2017-05-29 07:53:05 -04:00
* [Cloud Security Standards](#cloud-security-standards)
2021-05-29 13:45:59 -04:00
* [Learning](#learning)
* [Blogs](#blogs)
2021-07-16 17:50:12 -04:00
* [Courses](#courses)
2021-06-03 12:39:59 -04:00
* [Labs](#labs)
2021-07-16 17:50:12 -04:00
* [Podcasts](#podcasts)
2021-06-03 12:39:59 -04:00
* [Certifications](#certifications)
2017-05-28 19:33:51 -04:00
* [Projects](#projects)
* [Alerting](#alerting)
2017-05-28 20:02:32 -04:00
* [Benchmarking](#benchmarking)
2017-05-29 08:01:51 -04:00
* [Data Loss Prevention](#data-loss-prevention)
2017-06-06 07:42:11 -04:00
* [Identity and Access Mangement](#identity-and-access-management)
2021-07-15 15:17:32 -04:00
* [Incident Response](#incident-response)
2017-05-29 08:01:51 -04:00
* [Spring](#spring)
2017-05-28 19:33:51 -04:00
* [Examples](#examples)
2017-06-06 07:42:11 -04:00
* [Automated Security Assessment](#ex-automated-security-assessment)
2017-06-06 07:43:25 -04:00
* [Identity and Access Mangement](#ex-identity-and-access-management)
2017-06-06 07:42:11 -04:00
* [Logging](#ex-logging)
2021-07-16 17:50:12 -04:00
* [Misc](#misc)
* [Other Awesome Lists](#other-awesome-lists)
2017-05-28 19:49:36 -04:00
* [Contribute](#contribute)
* [License](#license)
2021-07-16 17:43:17 -04:00
## Public Cloud Governance
### AWS Governance
2021-07-16 16:35:09 -04:00
* [AWS CodePipeline Governance](https://github.com/awslabs/aws-codepipeline-governance)
* [AWS Config Rules Development Kit](https://github.com/awslabs/aws-config-rdklib)
* [AWS Control Tower Customizations](https://github.com/awslabs/aws-control-tower-customizations)
* [AWS Security Hub Automated Response and Remediation](https://github.com/awslabs/aws-security-hub-automated-response-and-remediation)
* [AWS Well Architected Labs](https://github.com/awslabs/aws-well-architected-labs)
2021-06-03 12:39:59 -04:00
## Kubernetes Operators
2021-07-15 15:49:42 -04:00
* Aqua
* [Aqua Security Operator](https://operatorhub.io/operator/aqua)
* [Starboard Operator](https://operatorhub.io/operator/starboard-operator)
2021-06-03 12:39:59 -04:00
* [Anchore - Anchore Engine Operator](https://operatorhub.io/operator/anchore-engine)
* [Falco Security - Falco Operator](https://operatorhub.io/operator/falco)
* [Quay - Project Quay Container Security](https://operatorhub.io/operator/project-quay-container-security-operator)
* [Snyk - Snyk Operator](https://operatorhub.io/operator/snyk-operator)
* [Splunk - Splunk Operator for Kubernetes](https://operatorhub.io/operator/splunk)
* [Sysdig - Sysdig Agent Operator](https://operatorhub.io/operator/sysdig)
2021-07-16 17:50:12 -04:00
## Container Tools
2021-07-15 15:49:42 -04:00
* Anchore
2021-07-16 18:02:35 -04:00
* [Anchore Engine](https://github.com/anchore/anchore-engine)
2021-07-15 15:49:42 -04:00
* [Grype](https://github.com/anchore/grype)
* [Kai](https://github.com/anchore/kai)
* [Syft](https://github.com/anchore/syft)
* Aqua
* [Cloudsploit](https://github.com/aquasecurity/cloudsploit)
* [Kube-Bench](https://github.com/aquasecurity/kube-bench)
* [Kube-Hunter](https://github.com/aquasecurity/kube-hunter)
* [Kubectl-who-can](https://github.com/aquasecurity/kubectl-who-can)
* [Trivy](https://github.com/aquasecurity/trivy)
2021-05-29 15:07:14 -04:00
* [Docker - Docker Bench for Security](https://github.com/docker/docker-bench-security)
2021-06-03 12:39:59 -04:00
* [Elias - Dagda](https://github.com/eliasgranderubio/dagda/)
* [Falco Security - Falco](https://github.com/falcosecurity/falco)
2021-05-29 15:07:14 -04:00
* [Harbor - Harbor](https://github.com/goharbor/harbor)
2021-06-03 12:39:59 -04:00
* [Quay - Clair](https://github.com/quay/clair)
* [Snyk - Snyk](https://github.com/snyk/snyk)
* [vchinnipilli - Kubestriker](https://github.com/vchinnipilli/kubestriker)
2017-05-29 07:53:05 -04:00
## Cloud Security Standards
* [ISO/IEC 27017:2015](https://www.iso.org/standard/43757.html)
* [MTCS SS 584](https://www.imda.gov.sg/industry-development/infrastructure/ict-standards-and-frameworks/mtcs-certification-scheme/multi-tier-cloud-security-certified-cloud-services)
2017-05-29 07:56:44 -04:00
* [CCM](https://cloudsecurityalliance.org/group/cloud-controls-matrix)
2017-05-29 07:53:05 -04:00
* [NIST 800-53](https://nvd.nist.gov/800-53)
2021-05-29 13:45:59 -04:00
## Learning
### Blogs
* [AWS Security](https://aws.amazon.com/blogs/security/)
2021-07-16 18:25:11 -04:00
* [Azure Security](https://www.microsoft.com/security/blog/azure-security/)
* [Dark Reading](https://www.darkreading.com/cloud-security.asp)
2021-07-16 17:27:03 -04:00
### Courses
2021-07-16 18:29:11 -04:00
* Oracle
* [Oracle Cloud Security Administrator](https://learn.oracle.com/ols/learning-path/become-a-cloud-security-administrator/35644/38707)
* A Cloud Guru
* Learning Paths
* [AWS Security Path](https://learn.acloud.guru/learning-path/aws-security)
* [Azure Security Path](https://learn.acloud.guru/learning-path/azure-security)
* [GCP Security Path](https://learn.acloud.guru/learning-path/gcp-security)
2021-07-16 17:50:12 -04:00
### Labs
* [PagerDuty Security Training](https://github.com/PagerDuty/security-training)
### Podcasts
2021-07-16 18:25:11 -04:00
* [Security Now](https://twit.tv/shows/security-now)
* [Azure DevOps Podcast](http://azuredevopspodcast.clear-measure.com)
2021-07-16 17:27:03 -04:00
## Certifications
* Cloud Vendors
* [AWS Certified Security Specialty](https://aws.amazon.com/certification/certified-security-specialty/)
* [Azure Security Engineer Associate](https://docs.microsoft.com/en-us/learn/certifications/azure-security-engineer/)
* [Google Professional Cloud Security Engineer](https://cloud.google.com/certification/cloud-security-engineer)
* [Oracle Cloud Platform Identity and Security Management](https://education.oracle.com/oracle-cloud-platform-identity-and-security-management-2020-certified-specialist/trackp_OCPISM2020CA)
* ISC<sup>2</sup> - International Information System Security Certification Consortium
* [CCSP - Certified Cloud Security Professional](https://www.isc2.org/Certifications/CCSP)
* CSA - Cloud Security Alliance
* [CCSK - Certificate of Cloud Security Knowledge](https://cloudsecurityalliance.org/education/ccsk/)
* [CCAK - Certificate of Cloud Auditing Knowledge](https://cloudsecurityalliance.org/education/ccak/)
2017-05-28 19:31:47 -04:00
## Projects
### Alerting
* [411 by Etsy](https://github.com/etsy/411)
* [ElastAlert by Yelp](https://github.com/Yelp/elastalert)
* [StreamAlert by Airbnb](https://github.com/airbnb/streamalert)
2017-05-29 08:01:51 -04:00
### Benchmarking
* [AWS Security Benchmark](https://github.com/awslabs/aws-security-benchmark)
2017-05-28 20:02:32 -04:00
### Data Loss Prevention
2021-07-16 16:35:09 -04:00
* [Git Secrets by AWS Labs](https://github.com/awslabs/git-secrets)
2017-06-06 07:42:11 -04:00
### Identity and Access Management
2021-07-15 15:49:42 -04:00
* AWS Labs
* [AWS IAM Generator](https://github.com/awslabs/aws-iam-generator)
* Duo Labs
* [Parliament](https://github.com/duo-labs/parliament)
* [CloudTracker](https://github.com/duo-labs/cloudtracker)
* Netflix
* [Aardvark](https://github.com/Netflix-Skunkworks/aardvark)
* [ConsoleMe](https://github.com/Netflix/consoleme)
* [Repokid](https://github.com/Netflix/Repokid)
* Salesforce
* [Policy Sentry](https://github.com/salesforce/policy_sentry/)
* [CloudSplaining](https://github.com/salesforce/cloudsplaining)
* [AWS-AllowLister](https://github.com/salesforce/aws-allowlister)
* [Terraform for Policy Guru](https://github.com/salesforce/terraform-provider-policyguru)
2021-07-16 18:02:35 -04:00
* Misc
* [AWS Missing Tools by CloudAvail](https://github.com/cloudavail/aws-missing-tools)
* [Awesome IAM List](https://github.com/kdeldycke/awesome-iam)
* [Enumerate IAM by Andres Riancho](https://github.com/andresriancho/enumerate-iam)
* [Kubernetes AWS IAM Authenticator by Kubernetes SIG](https://github.com/kubernetes-sigs/aws-iam-authenticator)
2021-07-15 15:17:32 -04:00
### Incident Response
2021-07-16 16:44:13 -04:00
* AWS
* [AWS Incident Response Playbooks by AWS Samples](https://github.com/aws-samples/aws-incident-response-playbooks)
* [AWS Security Hub Automated Response and Remediation](https://github.com/awslabs/aws-security-hub-automated-response-and-remediation)
* Netflix
* [Dispatch by Netflix](https://github.com/Netflix/dispatch)
* PagerDuty
* [PagerDuty Automated Remediation Docs](https://github.com/PagerDuty/automated-remediation-docs)
* [PagerDuty Business Response Docs](https://github.com/PagerDuty/business-response-docs)
* [PagerDuty DevSecOps Docs](https://github.com/PagerDuty/devsecops-docs)
* [PagerDuty Full Case Ownership Docs](https://github.com/PagerDuty/full-case-ownership-docs)
* [PagerDuty Full Service Ownership Docs](https://github.com/PagerDuty/full-service-ownership-docs)
* [PagerDuty Going OnCall Docs](https://github.com/PagerDuty/goingoncall-docs)
* [PagerDuty Incident Response Docs](https://github.com/PagerDuty/incident-response-docs)
* [PagerDuty Operational Review Docs](https://github.com/PagerDuty/operational-review-docs)
* [PagerDuty PostMortem Docs](https://github.com/PagerDuty/postmortem-docs)
* [PagerDuty Retrospectives Docs](https://github.com/PagerDuty/retrospectives-docs)
* [PagerDuty Stakeholder Communication Docs](https://github.com/PagerDuty/stakeholder-comms-docs)
2017-05-29 08:01:51 -04:00
### Spring
* [Spring Cloud Security](https://github.com/dschadow/CloudSecurity)
2017-05-28 20:02:32 -04:00
## Examples
2017-06-06 07:42:11 -04:00
### Ex. Automated Security Assessment
2017-05-28 19:31:47 -04:00
* [AWS Config Rules Repository](https://github.com/awslabs/aws-config-rules)
* [AWS Inspector Agent Autodeploy](https://github.com/awslabs/amazon-inspector-agent-autodeploy)
* [AWS Inspector Auto Remediation](https://github.com/awslabs/amazon-inspector-auto-remediate)
* [AWS Inspector Lambda Finding Processor](https://github.com/awslabs/amazon-inspector-finding-forwarder)
2017-06-06 07:43:25 -04:00
### Ex. Identity and Access Management
* [Amazon Cognito Streams connector for Amazon Redshift](https://github.com/awslabs/amazon-cognito-streams-sample)
2017-06-06 07:42:11 -04:00
### Ex. Logging
2017-05-28 19:31:47 -04:00
* [AWS Centralized Logging](https://github.com/awslabs/aws-centralized-logging)
* [AWS Config Snapshots to ElasticSearch](https://github.com/awslabs/aws-config-to-elasticsearch)
* [AWS CloudWatch Events Monitor Security Groups](https://github.com/awslabs/cwe-monitor-secgrp)
2017-06-06 07:42:11 -04:00
### Ex. Web Application Firewall
2017-05-28 19:31:47 -04:00
* [AWS WAF Sample](https://github.com/awslabs/aws-waf-sample)
2017-05-28 19:49:36 -04:00
* [AWS WAF Security Automations](https://github.com/awslabs/aws-waf-security-automations)
2021-07-16 17:43:17 -04:00
## Misc
2021-07-16 18:02:35 -04:00
* Other Awesome Lists
* [Awesome Cloud Native Security](https://github.com/brant-ruan/awesome-cloud-native-security)
* [Awesome Cloud Security](https://github.com/Funkmyster/awesome-cloud-security)
* [Awesome IAM List](https://github.com/kdeldycke/awesome-iam)
* [Awesome Incident Response List](https://github.com/meirwah/awesome-incident-response)
* [Awesome Shodan Queries](https://github.com/jakejarvis/awesome-shodan-queries)
2017-05-28 19:49:36 -04:00
## Contribute
Contributions welcome! Read the [contribution guidelines](contributing.md) first.
## License
[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](http://creativecommons.org/publicdomain/zero/1.0)
To the extent possible under law, Jacob Silva has waived all copyright and
related or neighboring rights to this work.