11.30
When a friend of mine told me about Google’s new vulnerability reward program for web applications, my first reaction was a mix of excitement and skepticism. On the one hand, I love web application security and penetration testing: this program was right up my alley (especially given my recent abundance of free time). On the other hand, I had never run across a security vulnerability in a Google application before: I wasn’t sure that I would find anything, even if I looked hard.
As it turned out, I needn’t have worried: I spent many hours testing
various Google webapps, but I also found plenty of vulnerabilities. 
Under the terms of the program (and the rules of responsible
disclosure), I will not be discussing the details of any vulnerabilities
until they are fully resolved. Once the Google Security Team has
confirmed to me that a particular issue has been dealt with, I will be
doing a little writeup about it on this blog (a full list of the
writeups can be found here). Hopefully people will find the writeups
informative. 
Comments