inql VS kubestriker

ABOUT US: At Doyensec https://doyensec.com/ , we believe that quality is the natural product of passion and care. We love what we do and we routinely take on difficult engineering challenges to help our customers build with security. Our clients are some of the global brands in the tech and startup communities. We help them secure their software and systems by providing information security consulting services (pentesting, reverse engineering, product security design and auditing). We keep a small dedicated client base and expect to develop long term working relationships with the projects and people with whom we work. We are looking for a highly experienced security engineer to join our consulting team. We perform gray-box security testing on complex web and mobile applications. We need someone who has proven testing skills across multiple languages and environments and can hit the ground running. If youre good at crawling around in the ventilation ducts of the worlds most popular and important applications, you probably have the right skillset for the job. Experience developing code and tools is highly desirable, along with the ability to support the growth of fellow engineers. We offer a competitive salary in a supportive and dynamic environment that rewards hard work and talent. We are dedicated to providing research-driven application security and therefore invest 25% of your time exclusively to research, where we build security testing tools, discover new attack techniques, and develop countermeasures. RESPONSABILITITES: -Security testing of web, mobile (iOS, Android) applications -Vulnerability research activities, coordinated and executed with Doyensec's founders -Partnering with customers to ensure the projects objectives are achieved -Leading projects and supporting engineer growth -Conduct cloud based audits on popular cloud platforms -Provide support and guidance for clients concerning app and cloud security configuration, hardening and industry best practices

100% Remote (US-Europe candidates only) At Doyensec (https://doyensec.com/), we believe that quality is the natural product of passion and care. We love what we do and we routinely take on difficult engineering challenges to help our customers build with security. Our clients are some of the global brands in the tech and startup communities. We help them secure their software and systems by providing information security consulting services (pentesting, reverse engineering, product security design and auditing). We keep a small dedicated client base and expect to develop long term working relationships with the projects and people with whom we work. We are looking for a highly experienced Cloud Security Engineer to join our team. We perform white-box security testing on complex cloud infrastructures. We need someone who has a strong interest in auditing and researching multiple cloud platforms and environments and can hit the ground running. We offer a competitive salary in a supportive and dynamic environment that rewards hard work and talent. We are dedicated to providing research-driven application security and therefore invest 25% of your time exclusively in R&D, where we build security testing tools, discover new attack techniques and develop exploits. Responsibilities: Conduct cloud based audits on popular web platforms and applications Research new class of attacks affecting containerized environments Provide support and guidance for clients concerning cloud security configuration, hardening and industry best practices Shape the internal methodology and tooling adopted by all team members during our cloud security engagements Requirements: Ability to discover, document and fix misconfigurations in cloud environments Strong security foundation on AWS security (must-have) and GCP/Azure (nice-to-have) Good understanding of Kubernetes, Docker and many other container technology Familiarity with standard cloud security testing tools: Scout Suite, Cloudspoit, Forseti Security, kube-bench and others You’re passionate about understanding complex environments Eager to learn, adapt, and perfect your work We offer: Remote work, with flexible hours Competitive salary with shared research revenue Startup atmosphere 25% R&D time (really!) Access to high-visibility security testing efforts for leading tech companies Possibility to attend and present at various security conferences around the globe

TerraScan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. klum - Kubernetes Lazy User Manager Kyverno - Kubernetes Native Policy Management https://kyverno.io kiosk - kiosk office Multi-Tenancy Extension For Kubernetes - Secure Cluster Sharing & Self-Service Namespace Provisioning kube-bench - CIS Kubernetes Benchmark tool kube-hunter - Pentesting tool - Hunts for security weaknesses in Kubernetes clusters kube-who-can - Show who has RBAC permissions to perform actions on different resources in Kubernetes starboard - Kubernetes-native security toolkit Simulator - Kubernetes Security Training Platform - Focussing on security mitigation RBAC Lookup - Easily find roles and cluster roles attached to any user, service account, or group name in your Kubernetes cluster https://fairwinds.com Kubeaudit - kubeaudit helps you audit your Kubernetes clusters against common security controls Gangway - An application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster Audit2rbac - Autogenerate RBAC policies based on Kubernetes audit logs Chartsec - Helm Chart security scanner kubestriker - Security Auditing tool Datree - CLI tool to prevent K8s misconfigurations by ensuring that manifests and Helm charts follow best practices as well as your organization’s policies Krane - Kubernetes RBAC static Analysis & visualisation tool Flaco - The Falco Project - Cloud-Native runtime security Clair - Vulnerability Static Analysis for Containers Anchore Cli - Coomand Line Interface built on top of anchore engine to manage and inspect images, policies, subscriptions and registries Project Quay - Container image registry designed to boost the security of your repositories via vulnerability scanning and tight access control Kubescape - Tool to test if Kubernetes is deployed securely according to multiple frameworks: regulatory, customized company policies and DevSecOps best practices, such as the NSA-CISA and the MITRE ATT&CK®

Other tools you can use are linux-bench, docker-bench, kube-bench, kube-hunter, kube-striker, Cloud Custodian, OVAL, and OS Query.

# Create python virtual environment $ python3 -m venv env # Activate python virtual environment $ source env/bin/activate # Clone this repository $ git clone https://github.com/vchinnipilli/kubestriker.git # Go into the repository $ cd kubestriker # Install dependencies $ pip install -r requirements.txt # Incase of prompt toolkit or selectmenu errors $ pip install prompt-toolkit==1.0.15 $ pip install -r requirements.txt # Gearing up Kubestriker $ python -m kubestriker # Result will be generated in the current working directory with the name of the target