Security Resources

Comprehensive Security Resources

A curated collection of essential cybersecurity tools, frameworks, documentation, and learning resources for security professionals, developers, and organizations.

AWS Security Documentation

Official AWS Security Resources

• AWS Security Best Practices - Comprehensive security guidelines
• AWS Well-Architected Security Pillar - Security design principles
• AWS Security Hub User Guide - Centralized security findings
• AWS GuardDuty User Guide - Threat detection service
• AWS Config Developer Guide - Configuration compliance

AWS Security Services Quick Reference

• Identity & Access: IAM, Cognito, Directory Service, Single Sign-On
• Detection: GuardDuty, Security Hub, Inspector, Macie, Detective
• Network Protection: WAF, Shield, Firewall Manager, Network Firewall
• Data Protection: KMS, CloudHSM, Certificate Manager, Secrets Manager
• Compliance: Config, Audit Manager, Artifact, Systems Manager

Security Frameworks & Standards

Industry Frameworks

• NIST Cybersecurity Framework - Risk-based approach to cybersecurity
• MITRE ATT&CK Framework - Adversary tactics and techniques
• ISO/IEC 27001 - Information security management
• OWASP Top 10 - Web application security risks
• CIS Controls - Cybersecurity best practices

Compliance Standards

• SOC 2 - Security, availability, confidentiality
• PCI DSS - Payment card industry standards
• GDPR - European data protection regulation
• HIPAA - Healthcare information privacy
• FedRAMP - Federal cloud security authorization

Threat Intelligence & Research

Threat Intelligence Platforms

• MITRE ATT&CK Navigator - Visualize attack techniques
• CAPEC - Common attack pattern enumeration
• CVE Database - Common vulnerabilities and exposures
• NIST National Vulnerability Database - Vulnerability management data
• FIRST CVSS Calculator - Vulnerability scoring

Security Research Organizations

• SANS Institute - Security training and research
• Carnegie Mellon CERT - Cybersecurity research
• Verizon DBIR - Data breach investigations
• IBM X-Force - Threat intelligence
• FireEye Mandiant - Advanced threat research

Security Tools & Software

Open Source Security Tools

• Nmap - Network discovery and security auditing
• Wireshark - Network protocol analyzer
• Metasploit - Penetration testing framework
• OWASP ZAP - Web application security scanner
• Burp Suite Community - Web security testing

Cloud Security Tools

• ScoutSuite - Multi-cloud security auditing
• Prowler - AWS security assessment
• CloudMapper - AWS environment analysis
• Pacu - AWS exploitation framework
• CloudSploit - Cloud security scanning

Vulnerability Scanners

• OpenVAS - Comprehensive vulnerability scanner
• Nuclei - Fast vulnerability scanner
• Nikto - Web server scanner
• Lynis - Security auditing tool for Unix/Linux
• Trivy - Container vulnerability scanner

Privacy & Anonymity Tools

VPN & Proxy Services

• ProtonVPN - Privacy-focused VPN service
• Mullvad - Anonymous VPN with cryptocurrency payments
• Tor Browser - Anonymous web browsing
• I2P - Anonymous network layer
• Freenet - Decentralized censorship-resistant platform

Secure Communication

• Signal - End-to-end encrypted messaging
• Element - Decentralized secure messaging
• Briar - Peer-to-peer messaging
• Session - Anonymous messaging
• ProtonMail - Encrypted email service

Privacy-Focused Browsers

• Tor Browser - Maximum anonymity
• Brave - Privacy by default
• Firefox - With privacy hardening
• Ungoogled Chromium - Chrome without Google

DevSecOps & Automation

Infrastructure as Code Security

• Checkov - Static analysis for IaC
• Terrascan - IaC security scanner
• tfsec - Terraform security scanner
• Bridgecrew - Cloud security platform
• Snyk IaC - IaC vulnerability scanning

Container Security

• Docker Bench - Docker security assessment
• Clair - Container vulnerability scanner
• Anchore - Container security platform
• Falco - Runtime security monitoring
• OPA Gatekeeper - Kubernetes policy enforcement

CI/CD Security Tools

• GitLeaks - Secrets detection
• TruffleHog - Secrets scanning
• Semgrep - Static analysis for security
• CodeQL - Semantic code analysis
• SonarQube - Code quality and security

Incident Response & Forensics

Incident Response Frameworks

• NIST SP 800-61 - Computer security incident handling
• SANS Incident Response Process - Six-step process
• ENISA Good Practice Guide - EU incident management
• ISO/IEC 27035 - Incident management standard

Digital Forensics Tools

• Autopsy - Digital forensics platform
• Volatility - Memory forensics framework
• YARA - Malware identification
• Sleuth Kit - File system analysis
• GRR Rapid Response - Remote live forensics

Learning & Certification Resources

Online Learning Platforms

• Cybrary - Free cybersecurity training
• SANS Cyber Aces - Cybersecurity tutorials
• Coursera Cybersecurity - University courses
• edX Cybersecurity - Professional education
• Pluralsight Security - Technical training

Hands-On Practice Platforms

• TryHackMe - Beginner-friendly security challenges
• Hack The Box - Advanced penetration testing
• VulnHub - Vulnerable VMs for practice
• OverTheWire - Security wargames
• PentesterLab - Web application security

Professional Certifications

• CISSP - Certified Information Systems Security Professional
• CISM - Certified Information Security Manager
• CEH - Certified Ethical Hacker
• OSCP - Offensive Security Certified Professional
• AWS Security Specialty - AWS Certified Security - Specialty
• GCIH - GIAC Certified Incident Handler
• CISSP - Certified Information Systems Security Professional

Industry Reports & Publications

Annual Security Reports

• Verizon Data Breach Investigations Report
• IBM Cost of a Data Breach Report
• Accenture State of Cybersecurity Report
• Ponemon Institute Research
• SANS Survey Reports

Security Blogs & News

• Krebs on Security - Investigative cybersecurity journalism
• Schneier on Security - Security technologist insights
• The Hacker News - Cybersecurity news
• Dark Reading - Enterprise security news
• Security Week - Information security news

Community & Professional Organizations

Professional Organizations

• ISC2 - Information security certifications
• ISACA - Information systems audit and control
• SANS - Security training and certification
• CompTIA - IT certifications including security
• EC-Council - Ethical hacking certifications

Security Communities

• OWASP - Open Web Application Security Project
• DEF CON Groups - Local security meetups
• 2600 Meetings - Hacker meetups
• BSides Events - Community security conferences
• FIRST - Forum of Incident Response and Security Teams

Emergency Contacts & Resources

Incident Reporting

• US-CERT: us-cert.cisa.gov
• FBI IC3: ic3.gov
• ENISA: enisa.europa.eu
• National Cyber Security Centre (UK): ncsc.gov.uk

Vulnerability Disclosure

• CVE Program: cve.mitre.org
• HackerOne: hackerone.com
• Bugcrowd: bugcrowd.com
• Google VRP: bughunters.google.com

---

Contributing to This Resource List

This resource list is continuously updated. If you have suggestions for additional resources or notice outdated links, please contact us or connect on LinkedIn.

Last Updated: January 2025