Google launched the Google Cloud Security Scanner in beta. The new web application vulnerability scanner allows App Engine developers to regularly scan their applications for two common web application vulnerabilities:
- Cross-Site Scripting (XSS)
- Mixed Content Scripts
- Use a real browser – This approach avoids the parser coverage gap and most closely simulates the site experience. However, it can be slow due to event firing, dynamic execution, and time needed for the DOM to settle.
“Cloud Security Scanner addresses the weaknesses of [real and emulated browsers] by using a multi-stage pipeline,” Mann wrote in a blog post. “As with all dynamic vulnerability scanners, a clean scan does not necessarily mean you’re security bug free.”