AWS Audit Manager

It helps you gain situational awareness in unfamiliar cloud environments. It’s an open-source command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure.

It is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.

It is a free, automated, and open certificate authority brought to you by the non-profit Internet Security Research Group (ISRG).

A JavaScript library for frontend and mobile developers building cloud-enabled applications. The library is a declarative interface across different categories of operations in order to make common tasks easier to add into your application. The default implementation works with Amazon Web Services (AWS) resources but is designed to be open and pluggable for usage with other cloud services that wish to provide an implementation or custom backends.

Ensighten is a comprehensive website security company, offering next generation compliance, enforcement and client-side protection against data loss, ad injection and intrusion.

It is a free service that protects your website from spam and abuse. It uses an advanced risk analysis engine and adaptive CAPTCHAs to keep automated software from engaging in abusive activities on your site. It does this while letting your valid users pass through with ease.

AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.

We make the best rated Two-Factor Authentication smartphone app for consumers, a Rest API for developers and a strong authentication platform for the enterprise.

It is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.

It is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

Sqreen is a security platform that helps engineering team protect their web applications, API and micro-services in real-time. The solution installs with a simple application library and doesn't require engineering resources to operate. Security anomalies triggered are reported with technical context to help engineers fix the code. Ops team can assess the impact of attacks and monitor suspicious user accounts involved.

It is an open source firewall/router computer software distribution based on FreeBSD. It is installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network.

It is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options.

It is a provider of state-of-the-art application security solution: static code analysis software, seamlessly integrated into development process.

It seamlessly integrates application security into the software lifecycle, effectively eliminating vulnerabilities during the lowest-cost point in the development/deployment chain, and blocking threats while in production.

It is an intrusion prevention software framework that protects computer servers from brute-force attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper.

LocalStack provides an easy-to-use test/mocking framework for developing Cloud applications.

It is a simple and comprehensive vulnerability scanner for containers and other artifacts. It detects vulnerabilities of OS packages (Alpine, RHEL, CentOS, etc.) and application dependencies (Bundler, Composer, npm, yarn, etc.). It is easy to use. Just install the binary and you're ready to scan. All you need to do for scanning is to specify a target such as an image name of the container.

It is a simple but extremely powerful set of CLI commands for managing resources on Amazon Web Services. They harness the power of Amazon's AWSCLI, while abstracting away verbosity. The project implements some innovative patterns but (arguably) remains simple, beautiful and readable.

It is a cloud-native endpoint security platform combines Next-Gen Av, EDR, Threat Intelligence, Threat Hunting, and much more.

It is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.

It is a free, open-source host-based intrusion detection system. It performs log analysis, integrity checking, registry monitoring, rootkit detection, time-based alerting, and active response.

It provides true integration and automation across an organization’s security infrastructure, delivering unparalleled protection and visibility to every network segment, device, and appliance, whether virtual, in the cloud, or on-premises.

It is a solution that helps development teams manage risks that come with the use of open source. It gives you complete visibility into open source management, combining sophisticated, multi-factor open source detection capabilities with the Black Duck KnowledgeBase.

Castle looks for suspicious login patterns without bothering the legitimate user nor the site administrator. The fully-automated anti-hijack engine identifies potential account compromises based on where the user logs in from and how they navigate the site.

It is the only security software company focused on eliminating cyber threats using insider privileges to attack the heart of the enterprise.

In order to trust that your users are who they say they are, we verify their identity with an easy-to-use two-factor authentication solution, while giving you the ability to enforce stronger user access policies.

The Sumo Logic platform helps you make data-driven decisions and reduce the time to investigate security and operational issues so you can free up resources for more important activities.

It is a global cloud-based information security company that provides Internet security, web security, firewalls, sandboxing, SSL inspection, antivirus, vulnerability management and granular control of user activity in cloud computing, mobile and Internet of things environments.

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection.

Open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes.

It provides essential security for many types of endpoints, from smart phones to printers. An endpoint protection platform (EPP) is an integrated suite of endpoint protection technologies—such as antivirus, data encryption, intrusion prevention, and data loss prevention—that detects and stops a variety of threats at the endpoint.

It is an open-source, free and lightweight network intrusion detection system (NIDS) software for Linux and Windows to detect emerging threats.

An intelligent, integrated and scalable solution to protect your business-critical web applications from malicious attacks, with no changes to your existing infrastructure.

It is a unified security endpoint agent that delivers multiple security services to protect the enterprise. It also provides the visibility and the control you need to identify who and which devices are accessing the extended enterprise. Its wide range of security services include functions such remote access, posture enforcement, web security features, and roaming protection.

The AWS Command Line Interface is a unified tool to manage your AWS services.

It enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across cloud. It is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life.

Automatically identify all known and unknown assets on your global hybrid-IT—on prem, endpoints, clouds, containers, mobile, OT and IoT—for a complete, categorized inventory, enriched with details such as vendor lifecycle information and much more.

Detectify is a web security service that simulates automated hacker attacks on your website, detecting critical security issues before real hackers do. We provide you with descriptive reports of the results so that you can continue to build safe products

The leading solution for agile open source security and license compliance management, WhiteSource integrates with the DevOps pipeline to detect vulnerable open source libraries in real-time.

The troposphere library allows for easier creation of the AWS CloudFormation JSON by writing Python code to describe the AWS resources. troposphere also includes some basic support for OpenStack resources via Heat.

It is a self-managed server that secures access to your applications and APIs with OAuth 2.0 and OpenID Connect. It is OpenID Connect Certified and optimized for latency, high throughput, and low resource consumption.

It is an application security SCA tool that integrates security directly into your DevOps workflows, enabling you to deliver trusted software releases faster. It fortifies your software supply chain and scans your entire pipeline from Git to your IDE, through your CI/CD Tools, and all the way through distribution to deployment.

It provides high-performance networking & cybersecurity solutions to service providers, enterprise companies & public sector organizations.

It is here to help you reduce risk across your entire connected environment so your company can focus on what matters most. Whether you need to easily manage vulnerabilities, monitor for malicious behavior, investigate and shut down attacks, or automate your operations — we have solutions and guidance for you.

It has unified the security products, intelligence and community essential for mid-size businesses to defend against today’s modern threats.

It is a security device that combines firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities. It provides proactive threat defense that stops attacks before they spread through the network.

It is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises.

It is a comprehensive vulnerability analysis solution that provides complete visibility into the security posture of your distributed and complex IT infrastructure.

It offers end-to-end application security solutions with the flexibility of testing on-premises and on-demand to scale and cover the entire software development lifecycle.