Google Cloud Platform – Cloud security scanner


Cloud security scanner is built to identify vulnerabilities in your Google App Engine applications. The scanner crawls your application and submits a range of test inputs to its forms and parameters in order to detect vulnerabilities. It can detect a range of issues, such as cross-site scripting (XSS), Flash injection, mixed content, clear-text password fields, and the use of outdated JavaScript libraries.

Cloud security scanner can only be used with the Google App Engine standard environment and Compute Engine; it does not support the App Engine flexible environment. When you request a scan, it does not start immediately: GCP queues it and runs it later, when load is low. It is advisable to run the security scanner against a lab copy of the application, not against production. Because the scanner submits real requests, running it in a production environment can create unwanted data. For example, if you run a blog, the scanner may post test comments of random text to check whether public posts are vulnerable, and it does not delete that text afterwards, leaving it on your site for everyone to see. A dedicated test instance, or a separate project, avoids this.

To run a scan, log in to the GCP Console and go to the App Engine tab:

You will need to enable the Cloud Security Scanner API before you can use it. Click Enable API in the center of the screen. Once it is enabled, you can click Create scan:

You will need to have an app running; here, the security scanner has picked up my app. You can add further starting URLs if needed. Click Create when done:

Click Run scan to begin scanning this app.

The scan results are shown in the following screenshot:
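The steps above are all done in the console. As an added example, not code from the original post or from Google, the following Python drives the same create / start / review cycle programmatically and builds in the lab-only caveat from earlier: it refuses starting URLs outside an allowlist of lab hosts and blacklists write endpoints so the scanner cannot leave test data behind. It assumes the resource shapes of the Web Security Scanner v1 REST API (the successor of Cloud Security Scanner): `displayName`, `startingUrls`, `maxQps`, `blacklistPatterns` on a ScanConfig, and `findingType`, `severity`, `httpMethod`, `fuzzedUrl` on a Finding. Verify those field names against the API reference before relying on them. The hostnames, patterns and the findings JSON are constructed for the example.

```python
"""Added example: create a lab-only scan config and triage scanner findings.

Assumptions (not taken from the original post): ScanConfig and Finding field
names follow the Web Security Scanner v1 REST API; the hostnames, blacklist
patterns and SAMPLE_FINDINGS below are constructed for illustration.
"""
import json
from collections import Counter
from urllib.parse import urlparse

API = "https://websecurityscanner.googleapis.com/v1"  # assumed base URL

# Hosts we are allowed to scan.  The scanner submits forms and may post test
# comments, so production hostnames deliberately do not appear here.
LAB_HOSTS = {"lab-blog-dot-my-project.appspot.com"}  # constructed

# URL patterns the scanner must never exercise, even in the lab: anything
# that creates, changes or deletes data.  They become blacklistPatterns.
WRITE_PATTERNS = [
    r"https://[^/]+/admin/.*",
    r"https://[^/]+/.*/delete.*",
]


def check_lab_only(starting_urls):
    """Refuse a scan whose starting URLs leave the lab allowlist."""
    bad = [u for u in starting_urls if urlparse(u).hostname not in LAB_HOSTS]
    if bad:
        raise ValueError(f"refusing to scan non-lab hosts: {bad}")
    return True


def build_scan_config(display_name, starting_urls, max_qps=5):
    """Body for POST {API}/projects/{project}/scanConfigs.

    max_qps is kept low so the queued scan does not hammer the app.
    """
    check_lab_only(starting_urls)
    return {
        "displayName": display_name,
        "startingUrls": list(starting_urls),
        "maxQps": max_qps,
        "blacklistPatterns": WRITE_PATTERNS,
    }


def findings_endpoint(project, config_id, run_id):
    """GET this URL (with a bearer token) once a scan run has finished.

    The run itself is started with POST .../scanConfigs/{config_id}:start.
    """
    return (f"{API}/projects/{project}/scanConfigs/{config_id}"
            f"/scanRuns/{run_id}/findings")


def summarize_findings(findings_json):
    """Group findings by type and severity and collect reproduction URLs.

    fuzzedUrl is the request the scanner used to trigger the finding, which
    is what a developer needs to reproduce it locally.
    """
    findings = json.loads(findings_json).get("findings", [])
    by_type = Counter(f["findingType"] for f in findings)
    by_sev = Counter(f.get("severity", "SEVERITY_UNSPECIFIED") for f in findings)
    repro = [(f["findingType"], f.get("httpMethod"), f["fuzzedUrl"])
             for f in findings if f.get("fuzzedUrl")]
    return {"total": len(findings), "by_type": dict(by_type),
            "by_severity": dict(by_sev), "reproduce": repro}


# Constructed sample of a findings list response, not real scanner output.
SAMPLE_FINDINGS = json.dumps({"findings": [
    {"findingType": "XSS", "severity": "HIGH", "httpMethod": "POST",
     "fuzzedUrl": "https://lab-blog-dot-my-project.appspot.com/comment?body=..."},
    {"findingType": "MIXED_CONTENT", "severity": "MEDIUM", "httpMethod": "GET",
     "fuzzedUrl": "https://lab-blog-dot-my-project.appspot.com/"},
    {"findingType": "OUTDATED_LIBRARY", "severity": "LOW"},
]})


if __name__ == "__main__":
    cfg = build_scan_config("lab-blog", ["https://lab-blog-dot-my-project.appspot.com/"])
    print(json.dumps(cfg, indent=2))
    print(findings_endpoint("my-project", "1234", "5678"))
    print(json.dumps(summarize_findings(SAMPLE_FINDINGS), indent=2))
```

The allowlist check is the part worth keeping even if you stay in the console: a scan config whose starting URL points at production is the exact mistake the earlier caveat warns about, and the blacklist patterns are how you keep the scanner out of admin and delete endpoints on the lab copy.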
