Frequently used GCP SaaS applications
There are a large number of applications and services within the GCP ecosystem. Many of those services are classified as SaaS. That means that Google provides the infrastructure, the platform, and the application that runs in it. As a user or organization, you’re only responsible for the code or data you enter into its applications.
As Google has more responsibility and control over its SaaS services, your ability to pentest those services while abiding by their policies is very limited to nonexistent. Google Support says the following (https://support.google.com/cloud/answer/6262505?hl=en#zippy=%2Cdo-i-need-to-notify-google-that-i-plan-to-do-a-penetration-test-on-my-project):
Do I need to notify Google that I plan to do a penetration test on my project?
If you plan to evaluate the security of your Cloud Platform infrastructure with penetration testing, you are not required to contact us. You will have to abide by the Cloud Platform...
