[DEPRECATED] Using Web Security Scanner to Find Vulnerabilities in an App Engine Application Reviews

Anthony B. · Reviewed about 6 years ago

Possible bug in form validation of : Web Security Scanner -> Create a new scan (Field) Starting URL: [Example URL:] https://qwiklabs-gcp-02-f1559cbabbf0.el.r.appspot.com/ 
Error popup on clicking save: One of the starting URLs is not correctly formed The URL was returned by app engine gcloud deploy: https://screenshot.googleplex.com/r2vZFmc6HAx

Kedareshwar C. · Reviewed about 6 years ago

Simone P. · Reviewed about 6 years ago

Meenakshi Sundaram P. · Reviewed about 6 years ago

Fabio C. · Reviewed about 6 years ago

Scan couldn't be created. When I used URL with just 'appspot.com' in the end as in the description: http://qwiklabs-gcp-02-25e579f22684.appspot.com Error message was: "One of the starting URLs is not hosted on the current project" If I tried to use the one I saw in the console after deployment: https://qwiklabs-gcp-02-25e579f22684.uc.r.appspot.com/ Error message was: "One of the starting URLs is not correctly formed" I tried both http and https, with and without '/' at the end - no luck...

Yevgen K. · Reviewed about 6 years ago

Doesn't work. 2nd time I have tried it and got stuck with an error.

Stefan D. · Reviewed about 6 years ago

Ramana P. · Reviewed about 6 years ago

MUHAMMAD H. · Reviewed about 6 years ago

Vidhi G. · Reviewed about 6 years ago

Muhammad Abdur R. · Reviewed about 6 years ago

Please review this lab. Could not run any scans, as was supposed to use https://qwiklabs-gcp-04-3b4959bf755f.appspot.com which worked in the browser, but gave an error "One of the starting URLs is not hosted on the current project" upon creating the scan. Tried to retrieve the app engine url inside the console "https://qwiklabs-gcp-04-3b4959bf755f.ue.r.appspot.com/", but this one gave that it is malformed..

Oleksandr O. · Reviewed about 6 years ago

Hieronim S. · Reviewed about 6 years ago

Yogesh H. · Reviewed about 6 years ago

Víctor B. · Reviewed about 6 years ago

Germán Z. · Reviewed about 6 years ago

Francisco José G. · Reviewed about 6 years ago

Web security scanner doesn't work with the appengine url.

Brent E. · Reviewed about 6 years ago

Daniele C. · Reviewed about 6 years ago

Manuel L. · Reviewed about 6 years ago

Johnervan L. · Reviewed about 6 years ago

Several errors ecnountered: The return statement does not let the code finish, therefore no XSS can be encountered. The scanner informs, that the appspot URL is not within the own project. Scan cannot be performed.

Flo S. · Reviewed about 6 years ago

you have to put "from flask import escape" otherwise the escape function will return error

Ren Z. · Reviewed about 6 years ago

Stanislav B. · Reviewed about 6 years ago

Carlos V. · Reviewed about 6 years ago