
Pentesting for a web based app deployed on Google Cloud Platform (GCP)

I would like to know more about pentesting for web based apps and the like on Google Cloud Platform

1. What does it entail - Authentications, access controls, data encryption?

Are there tools that do this or is this more of a manual process or both?


Greetings @dheerajpanyam,

Before diving into penetration testing applications on GCP, please be aware of and comply with the following:

While Google Cloud doesn't offer its own pentesting tools, here are some third party options available:

Automated Scripts:

  • GCP Scanner: Analyzes Google Cloud commands to identify compute instances with exposed network ports
  • GCP Firewall Enum: Similar function to GCP Scanner
  • GCP IAM Collector: Collects and visualizes GCP IAM permissions
  • Prowler: Open-source tool for security assessments, audits, and hardening across multiple cloud providers
  • ScoutSuite: Open-source multi-cloud security auditing tool

Pentesting Services:

You may also review these additional documents for more information:

I hope this helps. Thank you. 
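As an illustration of the exposed-port checks the scripts listed above automate (an added example, not part of the original reply and not code from any of those tools): the sketch below audits firewall rules exported from a project you are authorized to assess with `gcloud compute firewall-rules list --format=json`. The sample rules are constructed, and `EXPECTED_PUBLIC` and `audit` are hypothetical names chosen for this example.

```python
import ipaddress
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = json.loads("""
[
  {"name": "allow-ssh-anywhere", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
  {"name": "allow-web", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["0.0.0.0/0"], "targetTags": ["web"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}]},
  {"name": "allow-internal", "direction": "INGRESS", "disabled": false,
   "sourceRanges": ["10.128.0.0/9"],
   "allowed": [{"IPProtocol": "all"}]},
  {"name": "old-rdp", "direction": "INGRESS", "disabled": true,
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
  {"name": "deny-egress", "direction": "EGRESS", "disabled": false,
   "destinationRanges": ["0.0.0.0/0"], "denied": [{"IPProtocol": "all"}]}
]
""")

# Assumption: the only ports this web app is meant to publish to the internet.
EXPECTED_PUBLIC = {("tcp", "80"), ("tcp", "443")}


def is_world_open(cidr):
    """True for 0.0.0.0/0 and ::/0 (a zero-length prefix matches every address)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit(rules, expected=EXPECTED_PUBLIC):
    """Return (rule, protocol, port, targets) for unexpected internet-facing ingress."""
    findings = []
    for rule in rules:
        # Only enabled ingress rules can expose an instance.
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        if not any(is_world_open(c) for c in rule.get("sourceRanges", [])):
            continue
        # No target tags or service accounts means the rule covers the whole network.
        targets = (rule.get("targetTags") or rule.get("targetServiceAccounts")
                   or ["<all instances>"])
        for allow in rule.get("allowed", []):
            # A missing "ports" key means every port of that protocol is allowed.
            for port in allow.get("ports", ["all"]):
                if (allow["IPProtocol"], port) not in expected:
                    findings.append((rule["name"], allow["IPProtocol"], port, targets))
    return findings
```

Port ranges such as `8000-9000` are compared as literal strings, so any range not listed in `EXPECTED_PUBLIC` is reported for manual review.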


Thanks so much @lawrencenelson