# Google Cloud Pentesting Requirements

A GCP pentest allows you to conduct a security assessment of your infrastructure that is not directly evaluated during the traditional penetration testing assessments. GCP pentesting is an authenticated view of an attacker scenario where the attacker has the same level of access as that of an IAM user or service account.

## Does GCP allow penetration testing?

Yes, GCP does not require users to provide any notifications or seek permissions ahead of time for performing a pentest on GCP. As a standard practice, we must refrain from activities that would be considered Denial of Service attacks.

## Limitations

The limitations highlighted by Google require adherence to the [Google's Acceptable Use Policy](https://cloud.google.com/terms/aup) and should not involve targeting the resources that do not belong to you.

## Additional references

* [Google Cloud Platform Acceptable Use Policy](https://cloud.google.com/terms/aup)
* [Cloud Security FAQ](https://support.google.com/cloud/answer/6262505?hl=en)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://0xcriminal.gitbook.io/about-me/cloudsec/pentesting-requirements-for-the-cloud/pentesting-requirements-google-cloud.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.