I would like to know more about pentesting for web based apps and the like on Google Cloud Platform
- What does it entail - Authentications , access controls , data encryption?
Are there tools that do this or is this more of a manual process or both?
1 Like
Greetings @dheerajpanyam ,
Before diving into penetration testing applications on GCP, please be aware of and comply with the following:
While Google Cloud doesn’t offer its own pentesting tools, here are some third party options available:
Automated Scripts:
- GCP Scanner: Analyzes Google Cloud commands to identify compute instances with exposed network ports
- GCP Firewall Enum: Similar function to GCP Scanner
- GCP IAM Collector: Collects and visualizes GCP IAM permissions
- Prowler: Open-source tool for security assessments, audits, and hardening across multiple cloud providers
- ScoutSuite: Open-source multi-cloud security auditing tool
Pentesting Services:
You may also review these additional documents for more information:
- GCP Pentesting
- Penetration Testing and Security on Google Cloud
- Google Cloud Penetration Testing: Ensuring Cloud Security
I hope this helps. Thank you.
Thanks so much @lawrencenelson
2 Likes