Your first time on this page? Allow me to give some explanations.
👤 Identity and Access Management Knowledge for Cloud Platforms
Here you can see meta information about this topic like the time we last updated this page, the original creator of the awesome list and a link to the original GitHub repository.
Thank you kdeldycke & contributors
View Topic on GitHub:
Search for resources by name or description.
Simply type in what you are looking for and the results will be filtered on the fly.
Further filter the resources on this page by type (repository/other resource), number of stars on GitHub and time of last commit in months.
Cartography is a Python tool that consolidates infrastructure assets and the relationships between them in an intuitive graph view powered by a Neo4j database.
📙 Amazon Web Services — a practical guide
Next-gen identity server (think Auth0, Okta, Firebase) with Ory-hardened authentication, MFA, FIDO2, profile management, identity schemas, social sign in, registration, account recovery, and IoT auth. Golang, headless, API-only - without templating or theming headaches.
CyberArk Conjur automatically secures secrets used by privileged users and machine identities
Open source alternative to Auth0 / Firebase Auth / AWS Cognito
Modern PHP user login and management framework++.
Papers from the computer science community to read and discuss.
shorter summary available.
A cloud native Identity & Access Proxy / API (IAP) and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP(s) requests. Inspired by the BeyondCorp / Zero Trust white paper. Written in Go.
BeyondCorp-inspired HTTPS/SSO Access Proxy. Secure internal services outside your VPN/perimeter network during a zero-trust transition.
Pomerium is an identity-aware access proxy.
Shaming sites with dumb password rules.
A place for creators and users of password managers to collaborate on resources to make password management better.
A Well-Known URL for Changing Passwords
NIST Special Publication 800-63B covering new password complexity guidelines.
Solo 1: open security key supporting FIDO2 & U2F over USB + NFC
OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
Guide to using YubiKey for GPG and SSH
YubiKey at Datadog
The Single Sign-On Multi-Factor portal for web apps
Kanidm: A simple, secure and fast identity management platform
Public-Key Infrastructure (PKI)
Repository for the Lemur Certificate Manager
CFSSL: Cloudflare's PKI and TLS toolkit
JA3 is a standard for creating SSL client fingerprints in an easy to produce and shareable way.
Learn how to use JSON Web Token (JWT) to secure your next Web App! (Tutorial/Example with Tests!!)
JWT login microservice with plugable backends such as OAuth2, Google, Github, htpasswd, osiam, ..
A tool to test security of json web token
why your "solution" doesn't work, because stateless JWT tokens cannot be invalidated or updated. They will introduce either size issues or security issues depending on where you store them. Stateful JWT tokens are functionally the same as session cookies, but without the battle-tested and well-reviewed implementations or client support.
OAuth2 & OpenID
A UI-first centralized authentication / Single-Sign-On (SSO) platform based on OAuth 2.0 / OIDC
OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
ZITADEL - Identity Experience Platform
Open-source policy frameworks
Open Source (Go) implementation of "Zanzibar: Google's Consistent, Global Authorization System". Ships gRPC, REST APIs, newSQL, and an easy and granular permission language. Supports ACL, RBAC, and other access models.
A SDK for access control policies: authorization for the microservice and IoT age. Inspired by AWS IAM policies. Written for Go.
Open source platform for X.509 certificate based service authentication and fine grained access control in dynamic infrastructures. Athenz supports provisioning and configuration (centralized authorization) use cases as well as serving/runtime (decentralized authorization) use cases.
An authorization library that supports access control models like ACL, RBAC, ABAC in Golang
High Performance Rate Limiting MicroService and Library
Oso is a batteries-included framework for building authorization in your application.
The Cerbos engine
AWS policy tools
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
IAM Least Privilege Policy Generator
A tool for quickly evaluating IAM permissions in AWS.
Parse and Process AWS IAM Policies, Statements, ARNs, and wildcards.
AWS IAM policy statement generator with fluent interface
A Central Control Plane for AWS Permissions and Access
Simple and flexible tool for managing secrets
Scan git repos (or files) for secrets using regex and entropy 🔑
Searches through git repositories for high entropy strings and secrets, digging deep into commit history
ROCA: Infineon RSA key vulnerability
Hardware Security Module (HSM)
Meaningful control of data in distributed systems.
Trust & Safety
💰 Billing & Payments Knowledge for Cloud Platforms
Wordlists for creating statistically likely username lists for use in password attacks and security testing
🔎 Hunt down social media accounts by username across social networks
Anomaly Detection on Dynamic (time-evolving) Graphs in Real-time and Streaming manner. Detecting intrusions (DoS and DDoS attacks), frauds, fake rating anomalies.
Gephi - The Open Graph Viz Platform
A curated list of Awesome Threat Intelligence resources
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
Tracking Threat Actor Emails in Phishing Kits. CC @PhishKitTracker on twitter if you find a #threatactoremail in #phishingkit , maintained by @neonprimetime
Information gathering & OSINT framework for phone numbers
Curated list of awesome captcha libraries and crack tools.
Hostnames and Subdomains
🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.
This repository contains the data behind our Security, Privacy and Parental Control features.
CIDR country-level IP data, straight from the Regional Internet Registries, updated hourly.
An hourly updated list of subdomains gathered from certificate transparency logs
Automatically updated, moderated and optimized lists for blocking ads, trackers, malware and other garbage
IP to ISP lookup library (includes ASN)
XKeyscore matching rules for TOR and other anonymity preserving tools.
A list of temporary email providers
Cross-language temporary (disposable/throwaway) email detection library. Covers 33600 fake email providers.
A ruby gem to check if the owner of a given email address or website is working for THE MAN (a.k.a verifies government domains).
Identify email addresses or domains names that belong to colleges or universities. Help automate the process of approving or rejecting academic discounts.
List of Dirty, Naughty, Obscene, and Otherwise Bad Words
A fast, robust Python library to check for offensive language in strings.
Papers from the computer science community to read and discuss.
A repository of email marketing legislation around the World, compiled by EmailOctopus.
Context aware, pluggable and customizable data protection and anonymization SDK for text and images
The CNIL publishes a GDPR guide for developers
🇪🇺 Your Right to be Informed and Erased. The General Data Protection Regulation (EU) 2016/679 ("GDPR") documents for personal use.
The Google Cloud Developer's Cheat Sheet