Web developers who use the Google App Engine cloud development service have a new security tool at their disposal. The Google Cloud Security Scanner, now a beta release, will scan apps for cross-site scripting and other vulnerabilities.
The tool involves a small botnet that scans sites and attempts to attack with a harmless payload. Google says, “Most developers will appreciate a low effort, low noise experience when checking for security issues.”
Developers can use the scanner for free, but its use will count against quotas and bandwidth charges.