AppSec or Penetration testing?

[Ben Hymans]

DOes anyone know if Google has any official policy around performing
an Application Security assessment or "Penetration Test" against my
own app on appengine? I can't seem to locate any info in the TOS or
the groups/forums. I don't wan't to start sending malicious looking
test requests to my app only to have google shut me down because they
think it is an actual attack. Any info would be appreciated!

[Ikai Lan (Google)]

Do you have any more information about what it is you're going to be doing? I can flag our team and make them aware of it.

Ikai Lan 
Developer Programs Engineer, Google App Engine

Blog: http://googleappengine.blogspot.com 

Twitter: http://twitter.com/app_engine

Reddit: http://www.reddit.com/r/appengine

--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To post to this group, send email to google-a...@googlegroups.com.
To unsubscribe from this group, send email to google-appengi...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.

[Ben Hymans]

Hi Ikai, thanks for the response. It looks like we will be testing
the following:
Infrastructure:
-Port Scan
-Vulnerability Scan (similar to Nessus, Qualys, etc…)

Application Security Assessment:
-Automated Web Application Scan (looking for things like Cross-Site
Scripting, SQL Injection, etc…)
-Manual Verification of Potential Vulnerabilities
-Modification of Requests to the Application

The appID is ovb-dev

We will responsibly alert you to any vulnerabilities we may uncover.