Security is a core feature of the Google Cloud Platform, but there are still steps you should take to identify vulnerabilities and protect your application.
The Google Cloud Security Scanner discovers vulnerabilities by crawling your application, following all links within the scope of your starting URLs, and attempting to exercise as many user inputs and event handlers as possible.
The App Engine Denial of Service (DoS) Protection Service enables you to protect your application from running out of quota when subjected to denial of service attacks or similar forms of abuse. You can blacklist IP addresses or subnets, and requests routed from those addresses or subnets will be dropped before your application code is called. No resource allocations, billed or otherwise, are consumed for these requests.
To learn more about the Google Security Model and other steps you can take to secure your Google Cloud Platform projects, see Google Cloud Platform Security.
- Security Scanner
- Denial of Service (DoS) Protection Service
Identify security vulnerabilities in your Google App Engine applications by running security scans in the Google Cloud Platform Console.
In order to use the security scanner, you must be an owner of the project. For more information on assigning roles, see Granting Project Access.
If you want to try out the Security Scanner, see the Security Scanner Quickstart.
Denial of Service (DoS) Protection Service
The DoS protection service is designed for quantitative abuse prevention, such as preventing DoS attacks. Some requests from blacklisted users might still get through to your application, so do not depend on this service for general security.
By default, App Engine serves a generic error page to blacklisted addresses. You
can configure your app to serve a custom response instead. For details, see
error handlers in the
The DoS protection service is configured by specifying networks to block in a
dos.yaml file. For more information, see the