Cloud Security Scanner will scan common WEB APP flaws for you
While Amazon doesn’t have any scanner for its cloud clients, Google has deployed its new security bug checker. It’s called Google Cloud Security Scanner. With this platform Google has enabled scanning of developer’s application for common security loopholes. Through its scanning service, Google will track two most common flaws – cross-site scripting and mixed content.
HTML and JavaScript applications are tough to crawl and test, so the scanner is given a more novel approach. Here, the scanner will parsing the code to later execute a full-page render and search for more complex areas of a developer’s site.
The sites that invite users to post their content like discussion forum are more vulnerable to XSS attacks. The second type of vulnerability results from mixed content attacks. The advantage is the mix secure HTTPS pages with unsecured regular HTTP pages. In this case, the site can fool you as the data will appear to be secure when it’s not.
The hacker’s sometime hackers inject malicious code into hosted apps. To handle that in a controlled and safe way, Google will hit the site with payload in order to detect the vulnerability of any web app.
As a matter of fact, commercial Web application security scanners give a difficult set-up time, and also troubles users with over – report issues.
On the other hand, Google Cloud Security Scanner is available as a free beta for Google App Engine Users.
Soon, other cloud service providers will have to do something about delivering some kind of scanning service against potential threats and bugs that appeared in recent weeks.