Security
Author: Nowell Morris
1. processes
1.1. Incident Response Plans
1.1.1. start with one, then expand for possible threats
2. Scanning and Discovery
2.1. https://github.com/redhuntlabs/BucketLoot?utm_source=tldrsec.com&utm_medium=newsletter&utm_campaign=tl-dr-sec-192-google-s-ai-red-teaming-owasp-on-cloud-security-trail-of-bits-testing-guide
2.2. https://cheatsheetseries.owasp.org/cheatsheets/Secure_Cloud_Architecture_Cheat_Sheet.html?utm_source=tldrsec.com&utm_medium=newsletter&utm_campaign=tl-dr-sec-192-google-s-ai-red-teaming-owasp-on-cloud-security-trail-of-bits-testing-guide
3. CIA
3.1. Confidentiality
3.2. Integrity
3.3. Availability
4. Compliance
4.1. SOC2
4.1.1. gap assessment
4.1.2. tickets from all findings
4.1.3. plan to accomplish
4.1.3.1. eramba?
4.1.3.2. Policies
4.1.3.3. comply
4.1.4. read and understand what is required
4.2. AWS Well-Architected Framework
5. Vulnerability Management
5.1. tools
5.1.1. Tenable.io
5.1.2. AWS Inspector
5.1.3. Wazuh?
5.1.4. CrowdStrike Falcon
5.1.5. GuardDuty
5.1.6. SAST/DAST?