Google expands flaw bounty to cover web app vulnerabilities

Google plans to start paying bounties to hackers who find serious security flaws in web applications that manage highly sensitive user data.

Google plans to start paying bounties to hackers who find serious security flaws in web applications that manage highly sensitive user data.

As part of what is described as an experimental new vulnerability reward program that applies to Google web properties, the search marketing giant is inviting the security research community to report potentially dangerous flaws in "any web properties which display or manage highly sensitive authenticated user data or accounts."

follow Ryan Naraine on twitter

The company specifically called out the flagship *.google.com domain, as well as the wildly popular *.youtube.com, *.blogger.com and *.orkut.com sites.

Google said it would pay the bounty for any serious bug that "directly affects the confidentiality or integrity of user data."

These include cross-site scripting (XSS) flaws, cross-site request forgery (XSRF/CSRF), cross-site script inclusion(XSSI), bypassing authorization controls (e.g. User A can access User B's private data), and server-side code execution or command injection.

More information on the plan can be found in this Google blog post.
ALSO SEE:

* Image from Stevec77's Flickr photostream (Creative Commons 2.0).

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All