Even the most careful developer will make the occasional mistake, and when it comes to security, mistakes can be disastrous. One of our goals is to make it easier for you to develop secure web applications and to find and fix issues early in the development lifecycle.

Today, we are pleased to announce the general availability of Cloud Security Scanner, a tool which enables App Engine developers to proactively test their applications for many common web application security vulnerabilities. For example, it can detect issues like cross-site scripting (XSS), Mixed Content, and Flash Injection or alert you to the usage of insecure Javascript libraries.

The tool is easy to setup and use, and is well suited for the modern, complex, Javascript-heavy applications which App Engine enables you to build and deliver.

Cloud Security Scanner is available free of charge for Google Cloud Platform customers, so please visit https://cloud.google.com/security-scanner/getstarted to get started.

We’d also like to thank all of the beta testers who have provided great feedback to the product team over the past couple of months. We really appreciate the support.

- Posted by Matthew O’Connor, Product Manager