RetroSearch Browse

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from http://cloud.google.com/security-command-center/docs/how-to-use-web-security-scanner below:

Using Web Security Scanner | Security Command Center

Important: Web Security Scanner managed scans are available only for Security Command Center Premium tier.

This page shows you how to use Web Security Scanner managed scan features and review findings in the Google Cloud console. Examples of Web Security Scanner findings are also shown.

Web Security Scanner is a built-in service for the Security Command Center Premium tier that identifies common security vulnerabilities in your App Engine, Google Kubernetes Engine (GKE), and Compute Engine web applications. To view Web Security Scanner findings, it must be enabled in Security Command Center Services settings.

Note: Attack path simulations don't support Web Security Scanner findings, so the findings don't get attack exposure scores or attack paths.

Caution: Web Security Scanner can adversely affect the reliability of some applications and might not be suitable for use in a production environment. Also, Web Security Scanner cannot detect all possible vulnerabilities in an application. For more information, see the following:

Learn more about how Web Security Scanner works.

Reviewing findings

Web Security Scanner's managed scan feature automatically configures and schedules scans for each of your in-scope projects. Web Security Scanner scans can take up to 24 hours to start after the service is enabled and run weekly after the first scan. Findings are viewed in Security Command Center.

Important: The managed scans that are included with the Security Command Center Premium tier are separate from Web Security Scanner custom scans. Custom scans are more thorough than default managed scans and provide granular information about application vulnerability findings. For information about custom scans, see the Web Security Scanner custom scan guide. Review findings in the console

The IAM roles for Security Command Center can be granted at the organization, folder, or project level. Your ability to view, edit, create, or update findings, assets, and security sources depends on the level for which you are granted access. To learn more about Security Command Center roles, see Access control.

To review Web Security Scanner findings in Security Command Center, follow these steps:

In the Google Cloud console, go to the Findings page of Security Command Center.
Go to Findings
Select your Google Cloud project or organization.
In the Quick filters section, in the Source display name subsection, select Web Security Scanner. The findings query results are updated to show only the findings from this source.
To view the details of a specific finding, click the finding name in the Category column. The details panel for the finding opens and displays the Summary tab.
On the Summary tab, review the details of the finding, including information about what was detected, the affected resource, and—if available—steps that you can take to remediate the finding.
Optional: To view the full JSON definition of the finding, click the JSON tab.

View all findings associated with a specific URL

A scan can produce findings from several base URLs. To display all findings associated with a given URL in a scan, follow these steps:

Open the finding and view its JSON definition.
Copy the URL next to externalUri.
Close the finding detail pane.
In the Query editor, enter the following query:
```
externalUri:"AFFECTED_URI"
```
Replace AFFECTED_URI with the URL you previously copied.

Security Command Center displays all the findings that are associated with the URL.

Example findings

Example Web Security Scanner managed scan findings include the following:

Table A. Web Security Scanner managed scan finding types Vulnerability Description Mixed-content A page that was served over HTTPS also serves resources over HTTP. A man-in-the-middle attacker could tamper with the HTTP resource and gain full access to the website that loads the resource or monitor users' actions. Clear text password An application returns sensitive content with an invalid content type, or without an X-Content-Type-Options: nosniff header. Outdated Library

The version of an included library is known to contain a security issue. The scanner checks the version of library in use against a known list of vulnerable libraries. False positives are possible if the version detection fails or if the library has been manually patched.

Web Security Scanner identifies some vulnerable versions of the following popular libraries:

jQuery, for example: CVE-2011-4969
jQuery Mobile, for example: known XSS vulnerability
AngularJS, for example: XSS through SVG vulnerability

This list is updated periodically with new libraries and updated vulnerabilities as applicable.

Learn more about using Security Command Center in the Google Cloud console.

Filtering findings in the Google Cloud console

A large organization might have many vulnerability findings across their deployment to review, triage, and track. By using filters that are available on the Security Command Center Vulnerabilities and Findings pages in the Google Cloud console, you can focus on the highest severity vulnerabilities across your organization, and review vulnerabilities by asset type, project, and more.

For more information about filtering vulnerability findings, see Filter vulnerability findings in Security Command Center.

Mute findings

To control the volume of findings in Security Command Center, you can manually or programmatically mute individual findings or create mute rules that automatically mute current and future findings based on filters you define.

Muted findings are hidden and silenced, but continue to be logged for audit and compliance purposes. You can view muted findings or unmute them at any time. To learn more, see Mute findings in Security Command Center.

Scan configurations

If Web Security Scanner is given access credentials, it will perform all actions using that level of access. To reduce risk to your production resources, and to catch vulnerabilities before they reach production, it is recommended that you run scans in development, testing, staging, or quality assurance environments.

Scanning production resources is useful because even small changes to resources between testing and production can introduce vulnerabilities. However, you might want to use limit access during production scans. See Best practices for more information.

To review managed scan configurations and manually start scans, use the Google Cloud console.

To see the managed scan configuration for a project:

Go to the Web Security Scanner page in the Google Cloud console.
Go to the Web Security Scanner page
Select a project. A page appears with a list of your managed and custom scans.
Under Scan configs, click managed_scan. The page that appears shows the results of the most recent managed scan, including scan status, URLs crawled, and vulnerabilities found. Use the drop-down list to see the results of previous scans.

Web Security Scanner administers and maintains managed scans, so you cannot modify scan configurations. Managed scans can only be edited or deleted in Security Command Center, as discussed in Disabling managed scans.

Static IP address ranges for managed scans

When Web Security Scanner is enabled in Security Command Center, managed scans start automatically using static IP addresses in the following ranges:

8.34.210.32/27
34.66.18.0/26
34.66.114.64/26
34.68.34.64/27

On-demand scans

Managed scans run automatically on a set schedule. However, you can use the Web Security Scanner interface to run on-demand managed scans:

Go to the Web Security Scanner page in the Google Cloud console.
Go to the Web Security Scanner page
Select a project. A page appears with a list of your managed and custom scans.
Under Scan configs, click managed_scan.
On the next page, click Run at the top of the page; or
Click Run scan again in the Results tab.

The scan begins and findings are updated in Security Command Center when completed. On-demand managed scans are useful when you want to capture findings for new or updated projects in between scheduled scans. On-demand scans don't impact the timing of scheduled weekly scans.

You can find more information about the scan in the project logs page.

Disabling managed scans

It is recommended that you keep Web Security Scanner enabled for all in-scope projects. However, you can disable Web Security Scanner in Security Command Center or, if Security Command Center is activated at the organization level, disable Web Security Scanner managed scans for specific projects or folders.

Disable Web Security Scanner scans for a project or folder

To disable managed scans for a folder or project:

Go to the Services page in Security Command Center.

Go to the Service page
Select your project or organization.
On the Web Security Scanner card, click Manage settings. The Service enablement page opens for Web Security Scanner.
In the Service enablement panel, disable Web Security Scanner for the project or folder by using one of the following methods:
- Navigate to the project or folder:
  1. In the Service enablement panel, navigate to the project or folder by scrolling and expanding any parent organization or folders as necessary.
  2. On the row for the project or folder, from the menu in the Web Security Scanner column, select Disable.
- For projects and folders only, search for the project or folder by name:
  1. Click Search for a folder or project.
  2. In the Search resources dialog, enter the name of the project, folder, or organization. The project is displayed in the dialog.
  3. In the dialog, from the menu in the Web Security Scanner column, select Disable.

Disabled projects are no longer included in managed scans.

Disable Web Security Scanner in Security Command Center

To disable the Web Security Scanner service in Security Command Center:

Go to the Services page in Security Command Center.

Go to the Service page
Select your project or organization.
On the Web Security Scanner card, click Manage settings. The Service enablement page opens for Web Security Scanner.
Under Service enablement, on the row for the top-level project or organization, from the menu in the Web Security Scanner column, select Disable.

Web Security Scanner is disabled in Security Command Center and managed scans will no longer run.

You can continue to use Web Security Scanner as a standalone product through the Web Security Scanner interface in the Google Cloud console, with the following changes:

You need to configure and manage custom scans for each of your projects.
Managed scan configurations are archived and existing managed scan findings remain viewable in the Google Cloud console.
Managed scans are only available in Security Command Center Premium, so managed scan configurations and existing managed scan findings are removed from the Web Security Scanner interface.

If Web Security Scanner is turned back on in Security Command Center, managed scan configurations and findings reappear in the Web Security Scanner interface. Generally, if the same vulnerabilities are found during new scans, existing findings are updated. If your application or website changed substantially since the last scan, new findings may be created.

What's next

Learn about remediating Web Security Scanner findings.

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4