Cloud native
Be careful with your cloud ☁️
Cloud-native security refers to a set of security practices and technologies designed specifically for applications built and deployed in cloud environments. It involves a shift in mindset from traditional security approaches, which often rely on network-based protections, to a more application-focused approach that emphasizes identity and access management, container security and workload security, and continuous monitoring and response.
In a cloud-native security approach, security is built into the application and infrastructure from the ground up, rather than added on as an afterthought. This requires a combination of automated security controls, DevOps processes, and skilled security professionals who can manage the complex and dynamic nature of cloud environments. The goal of cloud-native security is to protect against threats and vulnerabilities that are unique to cloud environments, while also ensuring compliance with regulations and standards. [1]
From [2] (the CNAS list, in order), try to avoid the following categories of flaws:
Injection flaws (app layer, cloud events, cloud services)
    SQL injection
    XXE
    NoSQL injection
    OS command injection
    Serverless event data injection
Improper authentication & authorization
    Unauthenticated API access on a microservice
    Over-permissive cloud IAM role
    Lack of orchestrator node trust rules (e.g. unauthorized hosts joining the cluster)
    Unauthenticated orchestrator console access
    Unauthorized or overly-permissive orchestrator access
CI/CD pipeline & software supply chain flaws
    Insufficient authentication on CI/CD pipeline systems
    Use of untrusted images
    Use of stale images
    Insecure communication channels to registries
    Overly-permissive registry access
    Using a single environment to run CI/CD tasks for projects requiring different levels of security
Insecure secrets storage
    Orchestrator secrets stored unencrypted
    API keys or passwords stored unencrypted inside containers
    Hardcoded application secrets
    Poorly encrypted secrets (e.g. use of obsolete encryption methods, use of encoding instead of encryption, etc.)
        See Cryptography
    Mounting of storage containing sensitive information
Over-permissive or insecure network policies
    Over-permissive pod to pod communication allowed
    Internal microservices exposed to the public Internet
    No network segmentation defined
    End-to-end communications not encrypted
    Network traffic to unknown or potentially malicious domains not monitored and blocked
Using components with known vulnerabilities
    Vulnerable 3rd party open source packages
    Vulnerable versions of application components
    Use of known vulnerable container images
Improper assets management
    Undocumented microservices & APIs
    Obsolete & unmanaged cloud resources
Inadequate "compute" resource quota limits
    Resource-unbound containers
    Over-permissive request quota set on APIs
Ineffective logging & monitoring (e.g. runtime activity)
    No container or host process activity monitoring
    No network communications monitoring among microservices
    No resource consumption monitoring to ensure availability of critical resources
    Lack of monitoring on orchestration configuration propagation and stale configs
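As an added example (not part of the original page or of any tool it lists), the script below audits three of the items above on constructed inputs: an over-permissive cloud IAM role (wildcard Action or Resource), API keys or passwords stored unencrypted inside containers (a literal env value on a secret-looking variable), and resource-unbound containers (no resources.limits). The sample policy and pod manifest are constructed for illustration; the function and variable names are this example's own.

```python
# Added example: audits constructed samples for two items in the list above.
import re

SECRET_NAME = re.compile(r"(PASS|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)

def _as_list(v):
    """IAM policy fields may be a string or a list; normalise to a list."""
    return v if isinstance(v, list) else [v]

def audit_iam_policy(policy: dict) -> list[str]:
    """Over-permissive cloud IAM role: Allow statements with wildcard Action or Resource."""
    findings = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        for action in _as_list(st.get("Action", [])):
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {i}: wildcard action {action!r}")
        if "*" in _as_list(st.get("Resource", [])):
            findings.append(f"statement {i}: Resource '*'")
    return findings

def audit_pod(pod: dict) -> list[str]:
    """Resource-unbound containers and secrets stored as literal env values."""
    findings = []
    for c in pod.get("spec", {}).get("containers", []):
        name = c.get("name", "?")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"container {name}: no resources.limits (resource-unbound)")
        for env in c.get("env", []):
            # A literal 'value' on a secret-looking name means the secret sits
            # unencrypted in the manifest; 'valueFrom.secretKeyRef' is the fix.
            if SECRET_NAME.search(env.get("name", "")) and "value" in env:
                findings.append(f"container {name}: env {env['name']} holds a literal secret")
    return findings

# Constructed samples (not real deployments): one scoped statement beside an
# over-broad one, and one well-formed container beside a flawed one.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::app-logs/*"},
    {"Effect": "Allow", "Action": ["iam:*", "sts:AssumeRole"], "Resource": "*"}]}
SAMPLE_POD = {"spec": {"containers": [
    {"name": "api", "image": "example/api:1.2", "resources": {"limits": {"cpu": "500m"}},
     "env": [{"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef": {"name": "db", "key": "pw"}}}]},
    {"name": "worker", "image": "example/worker:1.2",
     "env": [{"name": "API_KEY", "value": "example-plaintext-key"}]}]}}

if __name__ == "__main__":
    for finding in audit_iam_policy(SAMPLE_POLICY) + audit_pod(SAMPLE_POD):
        print(finding)
```

The same checks can be pointed at real policy JSON and rendered Kubernetes manifests (parsed with json or a YAML loader) as a pre-deploy gate in CI.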
Find here a complete list of resources related to cloud security.
: A collection of AWS penetration testing junk
: Python installable command line utility for mitigation of instance and key compromises.
: Deploy, update, and stage your WAFs while managing them centrally via FMS.
: A vault for securely storing and accessing AWS credentials in development environments.
: A graph-based tool for visualizing effective access and resource relationships within AWS.
: A security auditing tool for Azure environments
: A static code analysis tool for infrastructure-as-code.
: A python lib for DF & IR on the cloud.
: Automate the execution of simulation steps in multi-cloud and hybrid cloud environments.
: Listing Assets from multiple Cloud Providers.
: A platform designed to manage Cloud Security Operations.
: Analyze your AWS environments.
: A cloud monitoring tool and framework.
: Cloud security configuration checks.
: Open source cloud asset inventory with set of pre-baked SQL for security and compliance.
: Rules engine for cloud security, cost optimization, and governance.
: A central control plane for AWS permissions and access.
: Tool for auditing the security posture of AWS/GCP/Azure.
: Apache v2, powerful runtime vulnerability scanner for kubernetes, virtual machines and serverless.
: A multi-cloud framework for orchestrating forensic collection, processing and data export.
: Diffy is a digital forensics and incident response (DFIR) tool developed by Netflix.
: Continuously monitor AWS services for configurations.
: GCP inventory monitoring and policy enforcement tool.
: A multi-account cloud security tool for AWS. It identifies misconfigurations and insecure data exposures within most popular AWS resources.
: Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code.
: Open source serverless security lake platform on AWS that lets you ingest, store, and analyze data into an Apache Iceberg data lake and run realtime Python detections as code.
: Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
: Policy-based control tool.
: Policy as Code Bot.
: The AWS exploitation framework.
: Command line tool for AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool.
: Multi-cloud security auditing tool.
: Monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
: Tool that helps discover suspicious creation and use of temporary tokens in AWS.
: Find cloud assets that no one wants exposed.
: A Postgres FDW that maps APIs to SQL, plus suites of and for AWS/Azure/GCP and many others.
: Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
: Static analysis powered security scanner for Terraform code.
: AWS Auditing & Hardening Tool.
(⚠️): Open source demos, concept and guidance related to the AWS CIS Foundation framework.
(⚠️): tools for managing AWS resources including EC2, EBS, RDS, IAM, CloudFormation and Route53.
: Audit for EKS, AKS and GKE for HIPAA/PCI/SOC2 compliance and cloud security.
: Container runtime security.
: Managed kubernetes inspection tool.
: Policy-based control tool.
: A vulnerability scanner for container images and filesystems.
: KAI (Kubernetes Automated Inventory) can poll Kubernetes Cluster API(s) to tell Anchore which Images are currently in-use.
: CLI tool and library for generating a Software Bill of Materials from container images and filesystems.
: Cloud Security Posture Management (CSPM).
: Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark.
: Hunt for security weaknesses in Kubernetes clusters.
: Show who has RBAC permissions to perform actions on different resources in Kubernetes.
: Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more.
: The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.
: A tool to perform static analysis of known vulnerabilities, trojans, viruses, malware and other malicious threats in Docker images/containers, and to monitor the Docker daemon and running containers to detect anomalous activities.
: Cloud Native Runtime Security.
: An open source trusted cloud native registry project that stores, signs, and scans content.
: Vulnerability Static Analysis for Containers.
: Snyk CLI scans and monitors your projects for security vulnerabilities.
: A Blazing fast Security Auditing tool for Kubernetes.
: Automatically compile an AWS Service Control Policy with your preferred compliance frameworks.
: Serverless S3 yara scanner.
: An AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
: Rapidly cherry-pick cloud security guardrails by generating Terraform files that create Azure Policy Initiatives.
: Protection/detection library for AWS Lambda and GCP functions.
: S3 bucket finder and content discovery.
: A script to enumerate Google Storage buckets.
: Detects identity and access management issues and automatically suggests least-privilege policies.
: AWS Lambda auditing tool.
: IAM Least Privilege Policy Generator.
: Tool to check AWS S3 bucket permissions.
: A serverless application demonstrating common serverless security flaws.
: Tool that helps to discover, assess and secure the most privileged entities in Azure and AWS.
(⚠️): Terraform provider for Policy Sentry (IAM least privilege generator and auditor).
: Aardvark is a multi-account AWS IAM Access Advisor API.
: Parse and Process AWS IAM Policies, Statements, ARNs, and wildcards.
(⚠️): AWS Least Privilege for Distributed, High-Velocity Deployment.
(⚠️): Generate Multi-Account IAM users/groups/roles/policies from a simple YAML configuration file and Jinja2 templates.
: AWS IAM linting library.
(⚠️): CloudTracker helps you find over-privileged IAM users and roles by comparing CloudTrail logs with current IAM policies.
: Compliance report self-service.
: Continuously audit for AWS usage.
: Private CA and certificate management service.
: Records and logs API calls on AWS.
: Configuration and resources relationship monitoring.
: Application recovery service.
: Analyze and visualize security data and help security investigations.
: Firewall management service.
: IDS service.
: HSM service.
: Vulnerability discovery and assessment service.
: KMS service.
: Fully managed data security and data privacy service for S3.
: Network firewall service.
: Credential management service.
: Integration service for other AWS and third-party security service.
: DDoS protection service.
: Service to centrally manage access to AWS accounts or applications.
: Identify vulnerabilities in running containers, images, hosts and repositories.
: Log of network traffic.
: Web application firewall service.
: L7 load balancer with optional WAF function.
: DDoS protection service.
: HSM service.
: KMS service.
: API log and monitoring related service.
: Integration service for other Azure and third-party security service.
: SIEM service.
: Transparency log and control of GCP.
: API security monitoring, detection, mitigation.
: DDoS protection and WAF service.
: Asset monitoring service.
: Secure and compliant workloads.
: API logs.
: Binary authorization service for containers and serverless.
: HSM service.
: IDS service.
: Encrypt data in use with VM.
: Enable zero trust access to applications and infrastructure.
: DLP service.
: External key management service.
: Identity-Aware Proxy to protect internal services.
: KMS service.
: Detects policy-related risk.
: Integration service for other GCP security service.
: Application security scanner for GAE, GCE, GKE.
: VM with secure boot and vTPM.
: Threat detection service.
: GCP service security perimeter control.
: A centralized source of all AWS IAM privilege escalation methods.
: Library of all the attack scenarios on Amazon S3, and how to mitigate them following a risk-based approach.
: A collection of scripts for assessing Microsoft Azure security
Learning Paths (by ):
: Cloud Container Attack Tool.
: A multiple cloud enumerator.
: "Vulnerable by Design" AWS deployment tool.
: A framework for executing attacker actions in the cloud.
: Tool for spinning up insecure AWS infrastructure with Terraform.
: Bridgecrew's "Vulnerable by Design" Terraform repository.
: A vulnerable app which demonstrates how to not use secrets. With AWS/Azure/GCP support.
: 900+ documented cloud security risks, with ability to filter by cloud vendor, compliance framework, risk category, and criticality.
AWS
[1]:
[2]:
[3]:
[4]:
[5]: