Numerous flaws discovered in Google App Engine | SC Media
Architecture, Cloud, Strategy, Vulnerability management

Numerous flaws discovered in Google App Engine

December 10, 2014

Security experts have discovered a slew of vulnerabilities within the Google App Engine, a cloud service that allowed customers to develop and host web applications on Google's cloud infrastructure.

In a detailed post on Full Disclosure, Adam Gowdiak, CEO and founder of Poland-based Security Explorations, shared the serious bugs discovered by his team. While he says that other issues are “pending verification,” he estimates that there are more than 30 vulnerabilities on the platform.

Some of the bugs found by his team could allow attackers to escape from the Java Virtual Machine security sandbox, achieve native code execution and extract binary files.

The researchers were unable to complete their work after Google suspended the test account they set up, an action that Gowdiak hopes is reversed seeing as their work revolves around the “educational nature of security issues.” 

prestitial ad