Contrôles et sécurisation du cloud

Quelques liens d’information ou d’outillage pour la sécurisation du cloud, au sens (très) large.

Défense (durcissement, inventaire, évaluation de sécurité)

Attaques

Analyse légale numérique et Réponse aux incidents (DFIR)

DFIR correspond à Digital Forensics and Incident Response.

Sécurité des développements

Audit de buckets S3

Formation

  • http://flaws.cloud/ – flAWS challenge to learn through a series of levels about common mistakes and gotchas when using AWS
  • http://flaws2.cloud/ – flAWS 2 has two paths this time: Attacker and Defender! In the Attacker path, you’ll exploit your way through misconfigurations in serverless (Lambda) and containers (ECS Fargate). In the Defender path, that target is now viewed as the victim and you’ll work as an incident responder for that same app, understanding how an attack happened.
  • https://github.com/RhinoSecurityLabs/cloudgoat – Vulnerable by Design AWS infrastructure setup tool
  • https://github.com/m6a-UdS/dvca – Damn Vulnerable Cloud Application more info
  • https://github.com/sonofagl1tch/AWSDetonationLab – Scripts and templates to generate some basic detections of the AWS security services
  • OWASP ServerlessGoat – OWASP ServerlessGoat is a deliberately insecure realistic AWS Lambda serverless application, maintained by OWASP for educational purposes. Single click installation through the AWS Serverless Application Repository.

Honey-token

Autres

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *