A high school student has received a $10,000 bug bounty award for reporting a security vulnerability in Google’s App Engine.

Back in July, 17-year-old Ezequiel Pereira decided to use the Burp Suite graphical tool to test the web application security of Google’s App Engine. He wanted to see if he could access pages protected by MOMA, a portal only for Google employees, without providing a legitimate Googler account. To that end, Pereira connected to a public Google service like www.appspot.com, changed the Host header in the HTTP request to a MOMA-protected page, and tested the request to see if he could view Google employee content without proper authorization.

The teenager recounts his work to exploit this security issue:

“Most of my attempts aborted, either because the server returned a 404 Not Found, or because it had some security measure such as checking that I used a Googler account (firstname.lastname@example.org) instead of a normal Google account.

“But one of the websites I tried, ‘yaqs.googleplex.com’, didn’t check my username, nor had any other security measure. The website’s homepage redirected me to ‘/eng’, and that page was pretty interesting, it had many links to different sections about Google benefits and infrastructure, but before I visited any section, I read something in the footer: ‘Google Secret.’”

At that point, Pereira backed out and submitted a bug report to Google on 1 July. On 4 August, the tech giant responded with an email stating it had fixed the issue and had decided to award him $10,000 for reporting the flaw.

The high schooler was completely taken aback. As he told The Register on 10 August:

“I just think it was a very backward bug and I didn’t expect the large bounty at all. Maybe I’ll learn how to invest it, perchance I’ll travel somewhere nice and do some tourism.”
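From the defender's side, the Host-header test described above leaves a recognizable trace: a request that arrives on a public name but asks for an employee-only host. The following is an added example, not code from Google or from Pereira; the log format, the `.example` account domains and every sample line are constructed, and the internal suffix is assumed from the hostname quoted in the article.

```python
import re

# Assumption: employee-only hosts share this suffix (taken from the hostname
# quoted in the article); adjust to your own internal naming.
INTERNAL_SUFFIX = ".googleplex.com"
EMPLOYEE_DOMAIN = "@corp.example"  # placeholder for the real employee account domain

# Hypothetical frontend log format, constructed for this example.
LINE_RE = re.compile(
    r"(?P<ip>\S+) sni=(?P<sni>\S+) host=(?P<host>\S+) "
    r"user=(?P<user>\S+) status=(?P<status>\d{3}) path=(?P<path>\S+)"
)

# Constructed sample lines (documentation IP ranges, made-up accounts).
SAMPLE_LOG = """\
203.0.113.7 sni=www.appspot.com host=www.appspot.com user=- status=200 path=/
203.0.113.7 sni=www.appspot.com host=other.googleplex.com user=- status=404 path=/
203.0.113.7 sni=www.appspot.com host=YAQS.googleplex.com:443 user=- status=302 path=/
198.51.100.9 sni=yaqs.googleplex.com host=yaqs.googleplex.com user=alice@corp.example status=200 path=/eng
203.0.113.7 sni=www.appspot.com host=yaqs.googleplex.com. user=bob@mail.example status=200 path=/eng
""".splitlines()


def normalize(host):
    """Lower-case, drop an optional :port and a trailing dot."""
    return host.lower().split(":")[0].rstrip(".")


def find_host_mismatches(lines):
    """Flag requests that arrived on a public name but asked for an internal Host."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        sni, host = normalize(m["sni"]), normalize(m["host"])
        if host == sni or not host.endswith(INTERNAL_SUFFIX) or sni.endswith(INTERNAL_SUFFIX):
            continue
        served = m["status"][0] in "23"  # content or a redirect was returned
        employee = m["user"].endswith(EMPLOYEE_DOMAIN)
        severity = "high" if served and not employee else "info"
        findings.append((severity, m["ip"], host, m["path"], m["status"]))
    return findings


if __name__ == "__main__":
    for finding in find_host_mismatches(SAMPLE_LOG):
        print(finding)
```

A "high" finding means an internal host answered a non-employee with content or a redirect, which is the condition the report describes; "info" findings are probes the backend rejected.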
The email from Google’s Security Team announcing Pereira’s reward of $10,000.

Pereira is a Uruguayan student of computer science. He might be young, but he’s already built up a reputation for himself as a budding and apt security researcher. He even won Google’s Code-In programming competition for pre-university students back in 2015, earning himself a trip to the tech giant’s headquarters in Mountain View, California.

As Pereira’s story indicates, young people are the future of digital security. Some unfortunately choose to become digital attackers. Others like Pereira become security researchers or even start their own digital security companies.

It’s important that parents and the security community do everything they can to help steer young people with an interest in computer security towards the path of positive/benevolent hacking. Here are some tips on how they can get started.