Google Cloud IAP - A Pentester Viewpoint

Google Cloud Security Assessment from a pentester's lens. Anjali from NotSoSecure will be sharing her research into Google Cloud IAP & finding ways to assess the use of Google Cloud IAP in your environment and what are some of the low hanging fruits that you can remove today to reduce any potential risk from the service to your Google Cloud environment. Episode YouTube Video Link Host Twitter: Ashish Rajan (⁠⁠⁠⁠⁠@hashishrajan⁠⁠⁠⁠⁠) Guest Socials: Anjali S's Linkedin (Anjali S) Podcast Twitter - ⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠ If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - ⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠ - ⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠ Spotify TimeStamp for Interview Questions A word from our sponsors - you can visit them on ⁠⁠⁠⁠⁠snyk.io/csp⁠⁠⁠⁠⁠ (00:00) Introduction (04:31) A bit about Anjali Shukla (05:23) What is GCP IAP? (07:18) Why is IAP so important? (09:55) IAP and Identity Federation (11:34) SSH vs Jump Box (13:57) GCP IAP vs AWS Cognito (16:22) Misconfigurations in GCP IAP (23:17) Potential security scenarios (25:45) Cloud Security Assessment in GCP (28:13) Doing your own cloud security assessment (30:49) The Fun Questions See you at the next episode!