Hi Nick, Thank you very much for your reply. I will go through the links you have provided.
-- Azher On Friday, 26 June 2015 03:48:23 UTC+5:30, Nick (Cloud Platform Support) wrote: > > Hey Azher, > > Any app-level security tests are going to be fine: injection, CSRF, XSS, > etc., will be fine to test, since we don't monitor or prevent this in any > way. It's up to app developers to safeguard from these app-level > vulnerabilities. > > However, when it comes to DOS, be aware that our infrastructure does > actively prevent these, as you can read in the Security Whitepaper > <https://cloud.google.com/security/whitepaper>: > > All traffic is routed through custom GFE (Google Front End) servers to >> detect and stop malicious requests and Distributed Denial of Service (DDoS) >> attacks. >> > > Conducting a (D)DOS attack, whether "real" or a "test" (they're ultimately > identical in terms of network packets), will have the result of potentially > rousing the infrastructure security systems from slumber, and might result > in black-listing the IPs you used as your launchpad for the (D)DOS. > > Additionally, note that attempting to break out of the security sandbox is > of course in violation of the Terms of Service > <https://cloud.google.com/terms/>, and you'll want to take a look at that > as well before proceeding. > > Do you have any further questions related to security and pen-testing? > > -- Nick > > On Thursday, June 25, 2015 at 5:15:08 AM UTC-4, Azher Uddin Farooqi wrote: >> >> Hi, >> >> We are starting penetration testing (for DOS, CSRF and XSS attacks etc.) >> on Google App Engine. Do you see any issues ? >> >> -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To post to this group, send email to google-appengine@googlegroups.com. Visit this group at http://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/5acd8450-b519-4a71-9d8e-e59349f9e3c2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
