Google Cloud offers security scanning for customer apps

Google Cloud Security Scanner, now available as a free beta for Google App Engine users, is designed to overcome a number of limitations often found in commercial Web application security scanners.

Commercial scanners can be difficult to set up. They can over-report issues, leading to too many false positives. They are designed more for security professionals than developers. Google's scanner was designed to be easier to use, Mann said. The service is designed to spot errors in code that could be exploited through XSS (cross-site scripting) or mixed content attacks, two common attack methods.

The scanner inspects a Web application in multiple steps. First, it quickly reviews the application's HTML code, which renders the front-end interface for users. Then it digs more deeply into the JavaScript code that runs the business logic for the site.

XSS attacks occur in sites that allow users to submit their own content, such as a discussion forum. If the Web server does not properly vet the submitted materials, attackers can add malicious code that executes when other users visit the site.

Mixed content attacks take advantage of sites that mix secure HTTPS pages with unsecured regular HTTP pages. Such sites can fool users into thinking that data is secure, when in fact it is not.

The scanning service does not cover all types of vulnerabilities, so Mann recommended customers still get manual security reviews by professionals. As time goes on, Google will expand the service to cover a wider range of vulnerabilities.

Google is not charging for the scanner, though its use may incur fees on the Google App Engine services deployed by the Web application being scanned.

Computerworld:

 
