Google Launches Cloud Security Scanner To Help Find Vulnerabilities In App Engine Sites

Google today launched the beta of a new security tool for developers on its App Engine platform-as-a-service offering. The Google Cloud Security Scanner allows developers to regularly scan their applications for cross-site scripting and mixed content vulnerabilities.
Google is obviously not the first company to offer a tool like this, but as it argues in today’s announcement, the existing tools aren’t always “well-suited for Google App Engine developers.” Google also notes that these tools are typically hard to set up and “built for security professionals, not developers.”
scanpromptTo run its checks, Google sets up a small botnet on Compute Engine that scans your site. Requests are throttled to about 15 requests per second, which App Engine should be able to handle without problems.
On its first run, the scanner quickly crawls your site and app to parse the basic HTML code. Then, as Google describes it, it makes a second pass that fully renders the site to look at the more complex parts of the app. Once all of this is done, Google will try to attack your site with a benign payload. To do so, it uses the built-in debugger from the Chrome DevTools, and the tool checks for any changes in the browser and DOM to see whether the injection was successful (and could be exploited).
By using the debugger, Google can avoid false positives, but the team also acknowledges that this means it may miss some bugs. Google, however, argues that this tradeoff is worth it because “most developers will appreciate a low effort, low noise experience when checking for security issues.”
Because the scanner actually tries to populate any field it finds and clicks on every button and link, there is a chance that it will actually activate some of the features on the site it is testing (so it may post a blog comment about how its roommate’s aunt made $9,000 per week last month working from home). To avoid this, Google recommends you either run the scanner on a test site or block some UI elements by adding some custom CSS code to them or exclude some URLs from the test.
Using the scanner is free, but it will impact your quota limits and bandwidth charges.

Comments

Post a Comment

Popular posts from this blog

Why I Wake Up Early (And 9 Reasons You Should Do So Too)

Here are 9 reasons why I say this: 1. Get a head start When you wake up at 5am, you start your day earlier than 99.9% of the world — hence giving you a head start in your day. This creates a feel-good factor, which, while psychological, creates a host of positive effects (especially for reasons #2 and #3 in the list). After all, a good start is half the battle won. It will motivate you to stay ahead so you can maintain or even widen the lead. For example, my modus operandi when I wake up early is to work on the high-impact tasks right away, as opposed to the small, easy but unimportant tasks. I will also think and work effectively, and strive to end my day earlier so that I can have an early sleep, wake up early the next day, and continue my “head start.” On the whole, I’d say that I’m more forward thinking and proactive in managing my tasks — since I have a head start in my day, I naturally think about how I can be ahead in my work too. On the other hand, when I wake up ...
Read more

Google launches OnHub, a simple, expensive Wi-Fi router

Image
Hate your finicky Wi-Fi router? Google does too, apparently. Google announced Tuesday that it's making a Wi-Fi router called OnHub, which is designed to alleviate the typical frustrations of buggy routers. It is partnering with TP-Link for the $199 router, available for immediate preorder. Google's preorder page already lists it as out of stock. In terms of design, the OnHub doesn't really look like any router before it. It eschews the usual antennas, wires and blinking lights for a large cylindrical shape with just one large light at the top. Google's cylindrical OnHub router. IMAGE: GOOGLE Google thinks there are benefits to this design: In its announcement post, it explains many people keep unsightly routers hidden away under desks and behind TVs where they don't work as well.  If the router is more pleasing to the eye, Google says, people will be more likely to keep it out in the open. A win-win. Within the cy...
Read more

2 iPhone Apps to Manage Expenses and Budget Efficiently

Image
2 iPhone Apps to Manage Expenses and Budget Efficiently Ads by Google While budgeting might not be one of the most exciting things to do (I’m sure a lot of people consider it boring and tedious), it is an extremely important activity that every household should undertake. With budgeting, you are able to plan your financial life and afford things you need and like. In short, proper budgeting lets you enjoy life to the fullest through sound financial planning. And while the task might indeed feel a bit like a chore for some, the good news is that you don’t need to make this a complex process. In fact, there are several apps out there that help people take care of their finances, and some of them allow you to do it in a very simple way, without creating complex online profiles or adding your bank accounts if you don’t want to. So if you want to know more about two such iPhone apps, read along. Pocket Expense Created by developer Appxy, Pocket Expense lets yo...
Read more