IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [google-cloud-platform]

19 questions
2
votes
1 answer

should I treated the let's encrypt fullchain.pem as a public key

I am using let's encrypt to generate a certificate. It contains 'fullchain.pem' and 'privkey.pem'. should I treated the let's encrypt fullchain.pem as a public key? I find the public key certificate format as same with the fullchain.pem. When the…
Dolphin
  • 123
  • 5
2
votes
1 answer

Container Vulnerability Management

Having difficulty understanding how to translate 'traditional' vulnerability management to a cloud environment. Previously accustomed to using tools like OpenVAS and Nessus, setting up scans which target static IPs and CIDR blocks. This approach…
Scot Matson
  • 123
  • 6
2
votes
1 answer

My Firebase project has unknown users, has my google cloud service account been compromised?

My project is a flutter app, it is in Internal Testing only, I am the only user. I've been working on this project for about a month and all of a sudden today I keep getting unknown users registering. These unknown users are not registering through…
InsolentWorm
  • 21
  • 1
1
vote
1 answer

Risk scenarios when hosting KEK in Google Cloud KMS HSM backended

For some time now, we have been assessing the risks from a GDPR perspective when data (data-at-rest) in the Google Cloud is fully encrypted using native means. This means that we create both the KEK and the DEK completely with Google Cloud KMS and…
rsfeed
  • 9
  • 1
1
vote
1 answer

Does adding a randomized string in S3 file path has equal security to Google Drive shared link

I would like to use an AWS S3 bucket to store my IoT firmware file and allows all of my IoT devices to access it to update the firmware to the latest version. I want that the firmware file in the S3 bucket is secret to only me and my devices. But I…
asinkxcoswt
  • 375
  • 1
  • 3
  • 7
1
vote
0 answers

Keeping data confidential from the system administrator

Problem How do I ensure that I cannot access confidential data manually through the database? Practically speaking, this is a firestore database on google cloud, and I have access to the administrator google account. For the purposes of this…
Programmdude
  • 111
  • 2
1
vote
1 answer

Is it safe to make every resource public in a Google Cloud Storage bucket?

I'm developing a business web application for my client, in which he can upload images (e.g. floor plans, photos of object etc.) and documents of different objects (word, excel etc.). The images should be displayed when someone logs in the website…
Mitulát báti
  • 113
  • 5
1
vote
0 answers

No way of restricting public access to Firestore/API

Just glancing at GCP offerings for storing data, I noticed that while using Firestore, the only control for restricting public access is via security rules. However, in case of mis-configuration of security rules or compromise on access tokens/keys…
xandfury
  • 1,351
  • 3
  • 10
  • 19
0
votes
0 answers

How to install cloud software locally for security research

How you can test cloud software locally? For AWS, there is Localstack, but what about Google Cloud, and Azure? I want to try it, change a lot of configurations and maybe install some software there, that is why I don't want to use the remote cloud.
almosaiki
  • 1
0
votes
0 answers

Is Google Cloud Database encryption with customer specified keys PCI and / or HIPAA compliant?

Amateur Question... We've written a SaaS application that runs in Google Cloud on a GCP-managed MySQL database. We now need to make our application PCI and / or HIPAA compliant. I know we need to specify our own encryption key and keep it off the DB…
Ben
  • 101
  • 1
0
votes
0 answers

Act as another google cloud platform user in a web app

I want to set up an OAuth2.0 flow on a web application for users that have access to GCP. The user will login to a web app. Then, the OAuth2.0 flow will need to ask for the consent that will allow the app to perform things on their behalf, based on…
pkaramol
  • 103
  • 3
0
votes
1 answer

How could attacker know user names of my Google Workspace?

I found in my Google admin logs that someone from outside my organization is trying to log in frequently by testing all our user accounts against weak passwords. I'm wondering how could that happen? How did he manage to get the correct list of all…
Dreamer64
  • 109
  • 2
0
votes
0 answers

Google Cloud and Private CM on Microsoft Windows and FedRamp compliance for TLS

Is it possible to use Private Certificate Authority based on Microsoft Windows Servers for protection SSL/TLS connections in FedRAMP environment on Google Cloud?
taulatin
  • 1
0
votes
1 answer

How to perform security audit of a web service that uses google cloud's external HTTP(s) load balancer?

An independent security auditor discovered many open ports by using nmap while auditing a web service deployed on GCP. The service is a Cloud Run instance behind an HTTP(s) load balancer. The auditor wants to flag these as risks in the audit…
Raiyan
  • 101
  • 2
0
votes
0 answers

Is it possibile to interact with firebase database using credentials obtained from an APK?

during the static analysis while pentesting an android application I found the following information to connect to a firebase instance. 1:**REDACTED**:android:**REDACTED**
D.Rek
  • 101
  • 2
1
2