Awesome DevOpsSec
This repository stores various AWS and K8s security resources
Resources
Blogs
Documents
AWS
- CIS Amazon Web Services Foundations Benchmark v2.0.0
- AWS Foundational Security Best Practices (FSBP) standard
- AWS Cloud Security Checklist
- Ultimate Guide to Incident Response in AWS
Kubernetes
- CIS Kubernetes Benchmark v1.8.0
- Kubernetes Hardening Guide
- K8s Security Checklist
- Securing a K8s Cluster
- EKS Best Practices Guides
Articles
AWS
- AWS IAM Privilege Escalation – Methods and Mitigation
- Detailed Analysis of CloudDon, Cloud Data Breach of Korea e-commerce company
- How I was able to access millions of ID cards on an e-commerce platform
Kubernetes
Workshops
AWS
- AWS Well Architected Labs - Security
- AWS Security Workshops
- AWS Incident Response Playbooks Workshop
Kubernetes
Conferences
Challenges
Trannings
etc
Tools
AWS
- CloudSploit - Cloud Security Posture Management(CSPM)
- prowler - Security Vulnerability Scanner
- check_imds - IMDSv1 Scanner
- my-arsenal-of-aws-security-tools - List of open source tools for AWS security
Kubernetes
- Trivy - Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes
- kube-bench - Checks whether Kubernetes is deployed according to CIS Kubernetes Benchmark
- kube-hunter - Hunt for security weaknesses in Kubernetes clusters
- managed-kubernetes-auditing-toolkit - identifying common security issues in EKS
- Kubescape - Kubernetes security platform for your clusters, CI/CD pipelines, and IDE
- Falco - Cloud Native Runtime Security
- Clair - Vulnerability Static Analysis for Containers