The Problems and Promise of WebAssembly

Presented at Black Hat USA 2018, Aug. 9, 2018, 9 a.m. (25 minutes)

WebAssembly is a new standard that allows assembly-like code to run in browsers at near-native speed. But how does WebAssembly work, and how does it execute code while maintaining the security guarantees of a browser? This presentation gives an overview of the features of WebAssembly, as well as examples of vulnerabilities that occur in each feature. It will also discuss the future of WebAssembly, and emerging areas of security concern. Learn to find bugs in one of the newest and fastest growing parts of the browser!

Presenters:

• Natalie Silvanovich - Security Engineer, Google
  Natalie Silvanovich is a security researcher on Google Project Zero. Her current focus is on script engines, particularly understanding the subtleties of the scripting languages they implement and how they lead to vulnerabilities. She is a prolific finder of vulnerabilities in this area, reporting over a hundred vulnerabilities in Adobe Flash in the last year. Previously, she worked in mobile security on the Android Security Team at Google and as a team lead of the Security Research Group at BlackBerry, where her work included finding security issues in mobile software and improving the security of mobile platforms. Outside of work, Natalie enjoys applying her hacking and reverse engineering skills to unusual targets and has spoken at several conferences on the subject of Tamagotchi hacking.

Links:

• https://www.blackhat.com/us-18/briefings/schedule/#the-problems-and-promise-of-webassembly-11219
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2018/The Problems and Promise of WebAssembly.mp4
• https://www.youtube.com/watch?v=BHwqORo_83E

Similar Presentations:

• ArcticCon 2018 / Web Assembly for Security Beyond the Browser
• Black Hat USA 2018 / WebAssembly: A New World of Native Exploits on the Browser
• DEF CON 27 (2019) / Hacking WebAssembly Games with Binary Instrumentation