Hey everyone! I'm working on a small cloud security tool as a side project and I'm looking for your input. The plan is to create a lightweight dashboard that scans AWS accounts for misconfigurations such as: public S3 buckets, security groups exposed to the internet, overly permissive IAM policies, privilege escalation risks, missing encryption, and later, container security issues. Additionally, I'm incorporating attack path visualization, which would illustrate something like: Internet → Security Group → EC2 → IAM Role → S3. My aim is to build a simple yet useful tool for security reviews and learning, without replacing established solutions like Prisma Cloud. As of now, it scans resources, generates a dashboard, shows severity charts, creates attack path graphs, and exports reports. Future plans include scheduled scans, one-click remediation suggestions, email alerts, and multi-region scanning. I'm open to any suggestions on features that would enhance its usefulness in real-world environments!
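The attack path idea from the post (Internet → Security Group → EC2 → IAM Role → S3), sketched as a graph walk. This is an added example, not part of the original post or the poster's tool. The inventory, resource names and simplified rule format are constructed assumptions, not real AWS API output.

```python
from collections import defaultdict

# Constructed sample inventory (assumed, simplified shapes; not AWS API output)
SECURITY_GROUPS = {
    "sg-web": [{"cidr": "0.0.0.0/0", "port": 22}],
    "sg-internal": [{"cidr": "10.0.0.0/16", "port": 5432}],
}
INSTANCES = {
    "i-web": {"sgs": ["sg-web"], "role": "app-role"},
    "i-db": {"sgs": ["sg-internal"], "role": "db-role"},
}
ROLES = {
    "app-role": [{"action": "s3:GetObject", "bucket": "reports"}],
    "db-role": [{"action": "s3:*", "bucket": "backups"}],
}

def build_graph(sgs, instances, roles):
    """Turn the inventory into directed edges of a reachability graph."""
    g = defaultdict(set)
    for sg, rules in sgs.items():
        # Any ingress rule open to the whole internet exposes the group.
        if any(r["cidr"] in ("0.0.0.0/0", "::/0") for r in rules):
            g["Internet"].add(sg)
    for iid, inst in instances.items():
        for sg in inst["sgs"]:
            g[sg].add(iid)               # group fronts the instance
        if inst.get("role"):
            g[iid].add(inst["role"])     # instance profile grants the role
    for role, stmts in roles.items():
        for s in stmts:
            if s["action"].startswith("s3:"):
                g[role].add("s3://" + s["bucket"])
    return g

def attack_paths(g, start="Internet"):
    """Depth-first search for every simple path from start to an S3 bucket."""
    paths, stack = [], [[start]]
    while stack:
        path = stack.pop()
        node = path[-1]
        if node.startswith("s3://"):
            paths.append(path)
            continue
        for nxt in sorted(g.get(node, ())):
            if nxt not in path:          # avoid cycles
                stack.append(path + [nxt])
    return paths

if __name__ == "__main__":
    for p in attack_paths(build_graph(SECURITY_GROUPS, INSTANCES, ROLES)):
        print(" → ".join(p))
```

Only the internet-exposed chain is reported; the `backups` bucket stays out of the result because `sg-internal` has no rule open to the internet.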
6 Answers
There are already tools like Prowler and AWS CSPM out there. If you're thinking of entering this space, you might want to focus on adding features or functionalities that these tools lack to attract users.
Are you looking for something similar to AWS's Trusted Advisor? That offers some basic insights already. Might need a new approach if you're aiming for something distinct!
I see a lot of tools trying to tackle the same issues, and honestly, it feels like the market is pretty saturated with similar offerings already. Maybe think of a different angle or unique feature that sets your tool apart?
Yeah, it seems like almost everyone is trying to build a similar product. Have you considered researching less common vulnerabilities or integrations?
I'm generally skeptical about relying on AI-driven tools, especially ones that might have been hastily developed by someone else. It seems risky to trust security to something that’s not well-established.
Remember, many misconfigurations can be adjusted by implementing a proper Service Control Policy (SCP). It might be beneficial to guide users on that as part of your tool.
What made you feel a solution was needed in this area? It seems like AWS has a lot of existing tools already, and it might be worth investigating their capabilities further.

That's a good point! I want to differentiate my tool from the existing ones by including more tailored features for different user levels.