[Owasp-leaders] Pentesting Google Cloud

Timur 'x' Khrotko (owasp) timur at owasp.org
Thu Oct 9 16:10:22 UTC 2014


Interestingly, I can't find similar blessing process on DO neither.
However I could find an openvas guide by their own technical writer:
https://www.digitalocean.com/community/tutorials/how-to-use-openvas-to-audit-the-security-of-remote-systems-on-ubuntu-12-04
(which states: "It is important to not run these scans against targets that
are not under your control, because they may look like potential attacks to
other users.")


On Thu, Oct 9, 2014 at 1:48 PM, Fabio Cerullo <fcerullo at owasp.org> wrote:

> Thanks but the Google Bug Bounty program does not apply for apps developed
> by third parties.
>
> If I upload an app to Google Cloud, I want to make sure all formal
> processes are followed before attempting to pentest it. Amazon is quite
> clear about the process as stated below, I'm just searching for same
> process at Google.
>
> Regards
> Fabio
>
> On Thu, Oct 9, 2014 at 12:37 PM, Jim Manico <jim.manico at owasp.org> wrote:
>
>> Google has a bug bounty program with extensive rules of play.
>>
>> http://www.google.com/about/appsecurity/reward-program/
>>
>> Aloha,
>> --
>> Jim Manico
>> @Manicode
>> (808) 652-3805
>>
>> On Oct 9, 2014, at 7:34 AM, Fabio Cerullo <fcerullo at owasp.org> wrote:
>>
>> hi there,
>>
>> As you might know, Amazon requires anyone who wants to perform a pentest
>> of an app hosted on their AWS to submit a pentest request form:
>>
>> http://aws.amazon.com/security/penetration-testing/
>>
>> However, I cannot find a similar process for Google Cloud Services.
>>
>> Any pointers are really appreciated.
>>
>> Thanks
>> Fabio
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>

-- 
This message may contain confidential information - you should handle it 
accordingly.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20141009/034f6dde/attachment.html>


More information about the OWASP-Leaders mailing list