Scanning for vulnerabilities using Cloud Security Scanner
Cloud Security Scanner is a service for App Engine that scans web applications for security vulnerabilities. Starting from the application's URL, it crawls the App Engine app and detects cross-site scripting (XSS), Flash injection, mixed content, and the use of insecure JavaScript libraries. In this chapter, we'll set up a security scan for a sample vulnerable application and review its results. Once a scan is created, it is queued for execution; depending on the size of the application, a scan takes anywhere from a few minutes to a few hours.
Getting ready
Verify the following initial setup before executing the recipe:
- Create or select a GCP project
- Enable billing and enable the default APIs (some APIs, such as BigQuery, Storage, Monitoring, and a few others, are enabled automatically)
- The project's owner and editor roles have full access to Cloud Security Scanner by default