The “Google Security Reward” program has attracted the attention of many researchers. The program gave them a legal opportunity to analyze the security of Google services and applications. Researchers were allowed to examine not only applications like Google Chrome, but also interactive services: the search engine google.com, the mail service gmail.com, the video service youtube.com, the blog service blogger.com, and the social network service orkut.com.
Experts from the “Positive Research” Center, the innovation department of Positive Technologies, also joined the program. Their analysis detected several vulnerabilities of various risk levels; these vulnerabilities were then analyzed and eliminated by Google specialists. As a reward for helping make Google products safer, the “Positive Research” Center team was added to the virtual Google Security Hall of Fame (http://www.google.com/corporate/halloffame.html).
Analyzing and assessing the security level of applications as large as Google services is a serious challenge that tests the professional skills of any information security specialist. Google is widely known to take the protection of its resources very seriously. During the research, we applied the methods and algorithms that Positive Technologies uses to provide consulting services and that are implemented in the MaxPatrol system. Under the program terms, we could not use automated security assessment tools, which introduced additional complexity.
The research showed that Google resources are highly protected. Not only are security requirements considered at the design and development stages, but proactive protection mechanisms (which complicate, but do not exclude, vulnerability exploitation) are also implemented in Google services. We are pleased to note that the methods and algorithms developed and used by the “Positive Research” team meet modern requirements in the field of security assessment and analysis and allow us to protect millions of Google users from Internet threats.