Google Cloud Pentesting Requirements

A GCP pentest allows you to conduct a security assessment of your infrastructure that is not directly evaluated during the traditional penetration testing assessments. GCP pentesting is an authenticated view of an attacker scenario where the attacker has the same level of access as that of an IAM user or service account.

Does GCP allow penetration testing?

Yes, GCP does not require users to provide any notifications or seek permissions ahead of time for performing a pentest on GCP. As a standard practice, we must refrain from activities that would be considered Denial of Service attacks.

Limitations

The limitations highlighted by Google require adherence to the Google's Acceptable Use Policy and should not involve targeting the resources that do not belong to you.

Additional references

Google Cloud Platform Acceptable Use Policy
Cloud Security FAQ

PreviousAWS Pentesting Requirements NextThe AWS and Google Cloud network access for this training

Last updated 2 years ago