Google Cloud IAP - A Pentester Viewpoint
Cloud Security Podcast26 Heinä 2023

Google Cloud IAP - A Pentester Viewpoint

Google Cloud Security Assessment from a pentester's lens. Anjali from NotSoSecure will be sharing her research into Google Cloud IAP & finding ways to assess the use of Google Cloud IAP in your environment and what are some of the low hanging fruits that you can remove today to reduce any potential risk from the service to your Google Cloud environment.


Episode YouTube Video Link


Host Twitter: Ashish Rajan (⁠⁠⁠⁠⁠@hashishrajan⁠⁠⁠⁠⁠)

Guest Socials: Anjali S's Linkedin (Anjali S)

Podcast Twitter - ⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

- ⁠⁠⁠⁠Cloud Security Newsletter

- ⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠


Spotify TimeStamp for Interview Questions

A word from our sponsors - you can visit them on ⁠⁠⁠⁠⁠snyk.io/csp⁠⁠⁠⁠⁠


(00:00) Introduction

(04:31) A bit about Anjali Shukla

(05:23) What is GCP IAP?

(07:18) Why is IAP so important?

(09:55) IAP and Identity Federation

(11:34) SSH vs Jump Box

(13:57) GCP IAP vs AWS Cognito

(16:22) Misconfigurations in GCP IAP

(23:17) Potential security scenarios

(25:45) Cloud Security Assessment in GCP

(28:13) Doing your own cloud security assessment

(30:49) The Fun Questions


See you at the next episode!


Jaksot(345)

OPEN SOURCE AWS SECURITY - MATTHEW FULLER, co-Founder CloudSploit, Aqua

OPEN SOURCE AWS SECURITY - MATTHEW FULLER, co-Founder CloudSploit, Aqua

In this episode of the Virtual Coffee with Ashish edition, we spoke with Matthew Fuller, co-Founder CloudSploit, Aqua Host: Ashish Rajan - Twitter @hashishrajan Guest: Matthew Fuller - Linkedin @ma...

15 Marras 202047min

WHAT THE HECK IS CI/CD | Continuous Integration | Delivery | Deployment - Melissa Benua

WHAT THE HECK IS CI/CD | Continuous Integration | Delivery | Deployment - Melissa Benua

In this episode of the Virtual Coffee with Ashish edition, we spoke with Melissa Benua, Director of Engineering Host: Ashish Rajan - Twitter @hashishrajan Guest: Melissa Benua - Linkedin @mbenua I...

8 Marras 202042min

HOW TO PREPARE FOR GDPR IN AZURE CLOUD ENVIRONMENT- Naomi Buckwalter

HOW TO PREPARE FOR GDPR IN AZURE CLOUD ENVIRONMENT- Naomi Buckwalter

In this episode of the Virtual Coffee with Ashish edition, we spoke with Naomi Buckwalter Host: Ashish Rajan - Twitter @hashishrajan Guest: Naomi Buckwalter - Linkedin @naomi-buckwalter In this ep...

1 Marras 202046min

HOW TO START in BUG BOUNTY IN 2020 with Casey Ellis, BugCrowd

HOW TO START in BUG BOUNTY IN 2020 with Casey Ellis, BugCrowd

In this episode of the Virtual Coffee with Ashish edition, we spoke with Casey Ellis Host: Ashish Rajan - Twitter @hashishrajan Guest: Casey Ellis - Linkedin @caseyjohnellis In this episode, Casey...

25 Loka 20201h 5min

CONTINUOUS MONITORING FOR CONTROLS & VULNERABILITIES - DANIEL MIESSLER

CONTINUOUS MONITORING FOR CONTROLS & VULNERABILITIES - DANIEL MIESSLER

In this episode of the Virtual Coffee with Ashish edition, we spoke with Daniel Miessler Host: Ashish Rajan - Twitter @hashishrajan Guest: Daniel Miessler - Linkedin @danielmiessler In this episod...

18 Loka 202048min

AWS SECURITY IN A LARGE REGULATED ENTERPRISE! - HOUSTON HOPKINS, CAPITAL ONE

AWS SECURITY IN A LARGE REGULATED ENTERPRISE! - HOUSTON HOPKINS, CAPITAL ONE

In this episode of the Virtual Coffee with Ashish edition, we spoke with Houston Hopkins, Director CyberSecurity, Capital One Host: Ashish Rajan - Twitter @hashishrajan Guest: Houston Hopkins - Lin...

11 Loka 20201h 1min

CISO Challenges in Cloud Security - Caleb Sima, VP - Security at Databricks

CISO Challenges in Cloud Security - Caleb Sima, VP - Security at Databricks

In this episode of the Virtual Coffee with Ashish edition, we spoke with Caleb Sima, VP - Security, Databricks Host: Ashish Rajan - Twitter @hashishrajan Guest: Caleb Sima - Linkedin @CalebSima I...

4 Loka 20201h 6min

WHAT IS SECURITY CHAOS ENGINEERING? - JEROME WALTER, SECURITY MODERNISATION

WHAT IS SECURITY CHAOS ENGINEERING? - JEROME WALTER, SECURITY MODERNISATION

In this episode of the Virtual Coffee with Ashish edition, we spoke with Jerome Walter, Security Modernisation, Director, VMWare Host: Ashish Rajan - Twitter @hashishrajan Guest: Jerome Walter - Li...

27 Syys 20201h 2min