Security is an important feature of Google Cloud. Take steps to protect your App Engine app and to identify its vulnerabilities.
You can use the following features to help keep your App Engine app secure.
HTTPS requests.
You can use HTTPS requests to access the App Engine app securely.
Access control.
Access control determines who has permission to access services and resources in the Google Cloud project. Roles determine which services and actions are available to a user account or service account.
App Engine firewall.
The App Engine firewall enables you to control access to your App Engine app through a set of rules that either allow or deny requests from specified ranges of IP addresses.
Create a firewall to:
Allow traffic from within a specific network only.
Ensure that only a certain range of IP addresses from specific networks can access your app. For example, create rules to allow only the range of IP addresses from within your company’s private network during your app’s testing phase.
Allow traffic from a specific service only.
Block abusive IP addresses. While Google Cloud has many mechanisms in place to prevent attacks, you can use the App Engine firewall to block traffic to your app from IP addresses that present malicious intent, or to shield your app from denial of service attacks and similar forms of abuse. You can blacklist IP addresses or sub-networks so that requests routed from them are denied before they reach your App Engine app.
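The allow and deny rules described above only behave as intended if they are ordered correctly, so it helps to check a planned rule set before applying it. The following is an added example, not code from this page or from Google: a small Python model that assumes App Engine's evaluation order (lowest priority number first, first match wins, with a catch-all default rule at priority 2147483647). The function names are hypothetical and the address ranges are constructed documentation ranges.

```python
import ipaddress

DEFAULT_PRIORITY = 2147483647  # priority of the catch-all default rule (assumed model)

# Constructed rule set using documentation ranges, not real networks:
# block one abusive sub-network, allow the company range, deny everything else.
RULES = [
    {"priority": 100, "action": "DENY", "source_range": "203.0.113.64/26"},
    {"priority": 200, "action": "ALLOW", "source_range": "203.0.113.0/24"},
    {"priority": DEFAULT_PRIORITY, "action": "DENY", "source_range": "*"},
]

def covers(outer, inner):
    """True if every address in range `inner` is also in range `outer`."""
    if outer == "*":
        return True
    if inner == "*":
        return False
    o, i = ipaddress.ip_network(outer), ipaddress.ip_network(inner)
    return o.version == i.version and i.subnet_of(o)

def evaluate(rules, client_ip):
    """Return (action, priority) of the first rule that matches client_ip."""
    addr = ipaddress.ip_address(client_ip)
    for rule in sorted(rules, key=lambda r: r["priority"]):
        rng = rule["source_range"]
        if rng == "*" or addr in ipaddress.ip_network(rng):
            return rule["action"], rule["priority"]
    raise ValueError("rule set has no catch-all default rule")

def shadowed_rules(rules):
    """Priorities of rules that can never match: an earlier rule covers their range."""
    ordered = sorted(rules, key=lambda r: r["priority"])
    return [later["priority"] for n, later in enumerate(ordered)
            if any(covers(e["source_range"], later["source_range"]) for e in ordered[:n])]

if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.70", "198.51.100.5"):
        print(ip, evaluate(RULES, ip))
    print("shadowed:", shadowed_rules(RULES))
```

If the deny rule for the abusive sub-network were given a higher priority number than the broader allow rule, shadowed_rules would report it, because the allow rule would match those addresses first.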
Security scanner.
The Google Cloud Security Scanner discovers vulnerabilities by crawling your App Engine app, following all the links within the scope of your starting URLs, and attempting to exercise as many user inputs and event handlers as possible.