Google today released a tool to make scanning for vulnerabilities on its cloud platform more effective, an aptly named Google Cloud Security Scanner.
Although several security scanners already exist for Web applications, Google says these are typically not very well suited to those that run on the Google App Engine.Google says these website vulnerability scanners are typically hard to set up and “built for security professionals,” not for web application developers that run the apps on the Google App Engine.
Now you cn access the Cloud security scanner under select Compute > App Engine > Security scans in the Google Developers Console to run your first scan.
So this is how it works :
- Use a real browser : This approach avoids the parser coverage gap and most closely simulates the site experience. However, it can be slow due to event firing, dynamic execution, and time needed for the DOM to settle.