[Owasp-leaders] Pentesting Google Cloud

John Rogers john.rogers at owasp.org
Thu Aug 13 14:51:04 UTC 2015


Thanks for providing the links, they are much appreciated.

I read the Amazon information and then sent email asking for
clarification.  The Penetration Testing information seemed to focus on
testing that is originating from an AWS instance and not on testing that
targets an AWS instance.  I also asked if it made any difference if a VPN
connection was used or if the test requests originated from a public
network connection.

The AWS folks responded very quickly:

"*All testing that involves the AWS infrastructure in any way must have
prior approval from AWS prior to testing commencing, whether it be to or
from AWS.  Public or private testing isn't differentiated, all testing
requires prior approval from AWS.*"

Seems pretty clear now, get approval first.

Thanks again Fabio.


On Mon, Aug 10, 2015 at 11:35 AM, Fabio Cerullo <fcerullo at owasp.org> wrote:

> hi there,
> Just got an update from Google regarding this matter. Please see below:
> https://support.google.com/cloud/answer/6262505?rd=1
> Regards,
> Fabio Cerullo
> Global Board Member
> OWASP Foundation
> https://www.owasp.org
> Join me at AppSecUSA 2015 <https://2015.appsecusa.org> in San Francisco!
> On 9 Oct 2014, at 12:33, Fabio Cerullo <fcerullo at owasp.org> wrote:
> hi there,
> As you might know, Amazon requires anyone who wants to perform a pentest
> of an app hosted on their AWS to submit a pentest request form:
> http://aws.amazon.com/security/penetration-testing/
> However, I cannot find a similar process for Google Cloud Services.
> Any pointers are really appreciated.
> Thanks
> Fabio
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150813/6b338e2b/attachment.html>

More information about the OWASP-Leaders mailing list