Scanning for vulnerabilities with Cloud Security Scanner: Google Cloud Platform

Prithish.G
4 min read · Jun 4, 2020


Overview:

Cloud Security Scanner (now called Web Security Scanner, part of Security Command Center) identifies security vulnerabilities in your Google App Engine web applications. It crawls the application, following every link within the scope of the starting URLs, and attempts to exercise as many user inputs and event handlers as it can. Because it really does submit forms and click buttons, point it at a test deployment rather than at an application holding production data.

The scanner is designed to complement your existing secure design and development processes. To avoid distracting developers with false positives, it errs on the side of under-reporting and does not display low-confidence alerts. It does not replace a manual security review, and a clean scan does not guarantee that your application is free of security flaws.

LAB START: GCP + Qwiklabs

List the active account name with this command:

gcloud auth list

List the project ID (your own project ID, or the project from the temporary Qwiklabs credentials):

gcloud config list project

“Before you begin, you need an app to scan”

In this lab, you will deploy a sample Hello World application and run Security Scanner against it. Run the following command in Cloud Shell to clone the Hello World sample app repository:

git clone https://github.com/GoogleCloudPlatform/python-docs-samples 

Go to the directory that contains the sample code:

cd python-docs-samples/appengine/standard_python37/hello_world

Now, test the app locally:

From within the hello_world directory where the app's app.yaml configuration file is located, start the local development server with the following command:

dev_appserver.py app.yaml

The app will now be running and listening for requests on port 8080.

Click the Web Preview button in Cloud Shell and select Preview on port 8080 to view the app:

[Image: the Hello World app served on port 8080]

Press Ctrl+C to stop the local server and return to the command line.

Now it's time to deploy your app to App Engine:

Deploy your app to App Engine by running the following command from within the root directory of your application (hello_world):

gcloud app deploy

Note: You'll be asked to select a region. Choose the number of one that is near where you are. After the app is created in your project, you'll be asked whether you want to continue. Type Y to continue.

Deployment of your app will then begin.

View your app:

To launch the app in your browser, run the following command:

gcloud app browse

Note: There will be a link in Cloud Shell that you can use, or you can view the app at https://[YOUR_PROJECT_ID].appspot.com (App Engine serves the app over HTTPS by default). This is the URL you'll scan for vulnerabilities; it will be added to your scan parameters in the next step.

Run the scan for vulnerabilities:

Go to the GCP Console > Navigation menu > App Engine > Security scans.

[Image: the Security scans page]

Click Enable API, then Create scan.

Under Starting URLs, enter the URL of the application you want to scan (the appspot.com URL of the app you just deployed in this project).

Click Save to create the scan.

Click Run to start scanning.

The scan does not run immediately; it is queued for later execution and, depending on current load, it can take hours before it executes. While it runs you can watch the status bar progress. When the scan completes, the scan overview page displays a results section. The following image shows example scan results when no vulnerabilities are detected:

Note: Try refreshing the page if you aren't seeing any updates. A run that finished with an error, or that crawled and tested no URLs, is not the same as a clean result; check the crawled and tested counts before treating "no vulnerabilities found" as a pass.

For more information about the scan form settings (schedule, maximum QPS, excluded URLs, authentication), see the Security Command Center documentation: https://cloud.google.com/security-command-center/docs

This is how you start scanning URLs and apps for vulnerabilities on GCP. Wait for some time and the results will appear.
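The console clicks above create a scan config, start a run and show its findings; the same three objects exist in the Web Security Scanner REST API. The following Python is an added example for this post (not Google's code and not the original author's): it derives the appspot.com URL to scan from the project ID as in the "View your app" step, builds the scan config the Create scan form would build, with a low request rate and excluded paths so the crawler does not log itself out or delete data, and then interprets a finished run and triages its findings. Request paths and field names follow the public websecurityscanner v1 API; the project ID, hostnames and the SAMPLE_FINDINGS list are constructed for illustration.

```python
"""Build a Web Security Scanner scan for an App Engine app and read its results.

Added example; not Google's code. Request shapes follow the public
websecurityscanner v1 REST API (ScanConfig, ScanRun, Finding). The project
ID, hostnames and SAMPLE_FINDINGS below are constructed for illustration.
"""
from __future__ import annotations

import re
from collections import Counter
from urllib.parse import urlparse

API = "https://websecurityscanner.googleapis.com/v1"

# GCP project IDs: 6-30 chars, lowercase letters, digits and hyphens,
# starting with a letter and not ending in a hyphen.
PROJECT_ID_RE = re.compile(r"[a-z][a-z0-9-]{4,28}[a-z0-9]")

# The scanner submits forms and follows links, so keep it away from endpoints
# that end the session or change data. Example values for the
# ScanConfig.blacklistPatterns field ('*' is a wildcard).
DEFAULT_BLACKLIST = ["https://*/logout*", "https://*/delete*", "https://*/admin/*"]


def app_url(project_id: str) -> str:
    """Default App Engine hostname of the project: the URL to scan."""
    if not PROJECT_ID_RE.fullmatch(project_id):
        raise ValueError(f"invalid project id: {project_id!r}")
    return f"https://{project_id}.appspot.com"


def build_scan_config(project_id: str, starting_url: str, display_name: str,
                      max_qps: int = 5, blacklist: list[str] | None = None) -> dict:
    """Body for POST {API}/projects/{project_id}/scanConfigs.

    max_qps stays at the low end of the accepted 5-20 range so the crawl does
    not turn into a load test against the target.
    """
    if not PROJECT_ID_RE.fullmatch(project_id):
        raise ValueError(f"invalid project id: {project_id!r}")
    parts = urlparse(starting_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("starting URL must be an absolute https:// URL")
    if not 5 <= max_qps <= 20:
        raise ValueError("maxQps must be between 5 and 20")
    return {
        "displayName": display_name,
        "startingUrls": [starting_url],
        "maxQps": max_qps,
        "blacklistPatterns": list(DEFAULT_BLACKLIST if blacklist is None else blacklist),
        "exportToSecurityCommandCenter": "ENABLED",  # findings also appear in SCC
    }


def create_request(project_id: str, body: dict) -> tuple[str, str, dict]:
    """(method, url, body) that creates the scan config."""
    return "POST", f"{API}/projects/{project_id}/scanConfigs", body


def start_request(scan_config_name: str) -> tuple[str, str, dict]:
    """(method, url, body) that starts a run; the name is the created config's
    'projects/<id>/scanConfigs/<number>' resource name."""
    return "POST", f"{API}/{scan_config_name}:start", {}


def interpret_scan_run(run: dict) -> str:
    """Classify a ScanRun resource. A run that finished with ERROR/KILLED, or
    that tested no URLs (e.g. unreachable starting URL), is not 'clean'."""
    if run.get("executionState") != "FINISHED":
        return "pending"
    if run.get("resultState") != "SUCCESS":
        return "failed"
    if int(run.get("urlsTestedCount", 0)) == 0:
        return "inconclusive"
    return "vulnerable" if run.get("hasVulnerabilities") else "clean"


def triage_findings(findings: list[dict]) -> dict:
    """Summarize scanRuns.findings.list output: counts by severity and type,
    plus reproduction URLs for anything CRITICAL or HIGH."""
    by_severity = Counter(f.get("severity", "SEVERITY_UNSPECIFIED") for f in findings)
    by_type = Counter(f["findingType"] for f in findings)
    urgent = [(f["findingType"], f.get("reproductionUrl") or f.get("fuzzedUrl"))
              for f in findings if f.get("severity") in ("CRITICAL", "HIGH")]
    return {"total": len(findings), "by_severity": dict(by_severity),
            "by_type": dict(by_type), "urgent": urgent}


# Constructed sample findings in the API's shape; not real scanner output.
SAMPLE_FINDINGS = [
    {"findingType": "XSS_CALLBACK", "severity": "HIGH", "httpMethod": "GET",
     "fuzzedUrl": "https://example-project.appspot.com/search?q=%3Cscript%3E",
     "reproductionUrl": "https://example-project.appspot.com/search?q=%3Cscript%3E"},
    {"findingType": "OUTDATED_LIBRARY", "severity": "MEDIUM", "httpMethod": "GET",
     "fuzzedUrl": "https://example-project.appspot.com/static/jquery.js"},
    {"findingType": "MIXED_CONTENT", "severity": "LOW", "httpMethod": "GET",
     "fuzzedUrl": "https://example-project.appspot.com/"},
]

if __name__ == "__main__":
    project = "example-project"  # constructed; substitute your own project ID
    cfg = build_scan_config(project, app_url(project), "hello-world-scan")
    print(*create_request(project, cfg))
    print(triage_findings(SAMPLE_FINDINGS))
```

The block only builds the requests; to send them from Cloud Shell, attach a bearer token from `gcloud auth print-access-token` and POST the body with any HTTP client, then poll the returned ScanRun until `interpret_scan_run` stops reporting "pending". Treat "failed" and "inconclusive" as scan problems to fix, not as a pass.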

If you found this interesting, clap as much as you can so that I can make more content like this. Thank you, and stay safe.

Final Year Software Engineering student || Cloud Enthusiastic Student Developer || Security Researcher