The Origin of Array [@@species]: How Standards Drive Bugs in Script Engines

Presented at Black Hat USA 2017, July 27, 2017, 2:30 p.m. (50 minutes)

Web standards are ever-evolving and determine what browsers can do. But new features can also lead to new vulnerabilities as they exercise existing functionality in new and unexpected ways. This talk discusses some of the more interesting and unusual features of JavaScript, and how they lead to bugs in a variety of software, including Adobe Flash, Chrome, Microsoft Edge and Safari. Recommended for browser researchers, developers and anyone who's ever tried to implement a standard.


Presenters:

  • Natalie Silvanovich - Security Engineer, Google
    Natalie Silvanovich is a security researcher on Google Project Zero. Her current focus is on script engines, understanding the subtleties of the scripting languages they implement and how they lead to vulnerabilities. She is a prolific finder of vulnerabilities in this area, reporting over a hundred vulnerabilities in Adobe Flash in the last year. Previously, she worked in mobile security, on the Android Security Team at Google and as a team lead of the Security Research Group at BlackBerry, where her work included finding security issues in mobile software and improving the security of mobile platforms. Outside of work, Natalie enjoys applying her hacking and reverse engineering skills to unusual targets, and has spoken at several conferences on the subject of Tamagotchi hacking.

Links:

Similar Presentations: