Google today released a tool to make scanning for vulnerabilities on its cloud platform more effective, an aptly named Google Cloud Security Scanner.
Although several security scanners already exist for Web applications, Google says these are typically not very well suited to those that run on the Google App Engine – there’s a tendency to report false positives and setup can be more complicated than necessary.
Google’s solution should be easier for developers to use. In particular, it can easily scan for two common vulnerabilities: cross-site scripting (XSS) and mixed content.
The company acknowledges developers should still look into a security review by a professional, but hopes its tool will provide a simple solution to the most common App Engine issues with minimal false positives.
The app is currently in beta form, and the company says more features are coming soon, but if you want to sign up, head over to Google’s dedicated page.
➤ Using Google Cloud Platform for Security Scanning [Google Cloud Platform Blog]