Cloud Security
Cloud Foundations
This is a great overview of AWS's "Cloud Foundations
Cloud security ressources
A great place that sum-up useful knowledgebases here
Awesome cloud security ressources here
Cloud CSPM products
Cloud Security Posture Managementis a class of security tools as defined by Gartner include use cases for infrastructure compliance monitoring, DevOps integration, incident response, risk assessment, and risk visualization.
Product | CSP support, remarks | Link |
---|---|---|
Divvy Cloud | AWS, Azure, GCP, Alibaba, Kubernetes | https://divvycloud.com |
Cloud Custodian | AWS, Azure, GCP. Open Source, good community | https://cloudcustodian.io |
Palto Alto Prisma Cloud (Redlock) | AWS, Azure, GCP, Alibaba, Kubernetes, Doker, IBM Cloud | https://www.paloaltonetworks.com/prisma/cloud |
Netflix Security Monkey | AWS, GCP. End of life 2020 | https://github.com/Netflix/security_monkey |
TurBot | AWS, Azure, GCP | https://turbot.com |
DisruptOps | ? | https://disruptops.com |
CheckPoint CloudGuard Dome9 | AWS, Azure, GCP. Some remediations focused primarily on network and IAM | https://dome9.com |
Aqua CloudSploit | AWS, Azure, GCP, Oracle Cloud | https://cloudsploit.com |
Trend Micro Cloud Conformity | AWS, (Azure) | https://www.cloudconformity.com |
Fugue | AWS, Azure | https://www.fugue.co |
OpenCSPM | ? | https://github.com/OpenCSPM/opencspm |
Wiz | AWS, Azure, GCP | https://www.wiz.io |
Cloud security posture
What to look for when reviewing a company's infrastructure. Very interisting article on how to understand and asses your cloud infrastructure in order to design a cloud security roadmap here
A list of question while reviewing the security architecture of a multi-cloud SaaS company here
Very interisting blog with Cloud security topics (Kubernetes, docker image security, aws, azure, GCP, etc) here
How to define a Cloud security roadmap here and here
How to mitigate cloud vulnerabilities by NSA here
Modern Cloud Governance with a well balanced security / Cost and Business value here
Cloud open source tools
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. here
Maturity matrice
The infographic feature high-level patterns for mapping your company’s technical and strategic transformation.
This page lists security mistakes by cloud service providers (AWS, GCP, and Azure). These are public mistakes on the cloud providers' side of the shared responsibility model here
FinOps
Great eBook that explains the basics of FinOps Whitepaper From FinOps to proven cloud cost management & optimization strategies here
Great tool for cost estimation based on terraform and can be integrated in CI/CD pipeline here
Network
Good practices on how to segregate a network in Cloud environment here
Whitepapers
A bench of whitepapers from SANS institute here
Why IAM is a key component in cloud, and what are the threats here
Awareness
This article explains how to create a proactive security & engineering culture with awareness strategy here
Hack the cloud
Hacking the cloud is an encyclopedia of the attacks/tactics/techniques that offensive security professionals can use on their next cloud exploitation adventure. The goal is to share this knowledge with the security community to better defend cloud native technologies. here
A free pentesting Learning platform. here
Threat & risks in the cloud
Top 11 of threats in the cloud in 2022 here
Cloud vulnerabilities
This page is a complete database for all Cloud vulnerabilities here
Zero trust
An road map to zero trust architecture here
IAM
Visualizing Multi Cloud IAM Concepts here