Security Explorations CEO Adam Gowdiak says he’s found 41 flaws in Google App Engine for Java. He says he has sent Google proof-of-concept exploit code to demonstrate how the flaws could be exploited. Google has offered a Vulnerability Reward Program that now pays security researchers between $100 and $20,000 for exploitable flaws. Google’s Project Zero bug-hunting team has begun informing vendors of vulnerabilities it has discovered in their products, giving them 90 days to issue a fix before details of the flaws are automatically released to the public.”]
Source: https://www.cuinfosecurity.com/google-app-engine-flaws-described-a-8227