How to Do Chrome Extension Code Reviews
Offered By: Bugcrowd via YouTube
Course Description
Overview
Learn effective techniques for conducting Chrome extension code reviews in this 18-minute conference talk. Explore the security implications of Chrome extensions' broad access to user data, including cookies, tokens, and browsing history. Discover tools and methods for identifying potential vulnerabilities, starting with the manifest.json file and its permissions. Examine three common insecure coding practices in extensions and their associated security risks. Gain insights into Chrome API scopes, particularly chrome.webRequest and chrome.cookies, and understand their significance for bug bounty hunters. Presented by Breanne Boland, an application security engineer at Salesforce, this talk provides valuable knowledge for both security professionals and developers working with Chrome extensions.
Syllabus
Intro
Chrome extension reviews and my job/context
Why code review? Because market share.
Why code review? Because devs.
Why code review? Because... code.
How to do extension code review: the tl;dr version
Where's the risk?
What the bug hunter should know about this
Chrome.webRequest
Chrome.cookies
Javascript, large and small
Taught by
Bugcrowd
Related Courses
MongoDB for .NET DevelopersMongoDB University Web Application Development – Capstone Course
University of New Mexico via Coursera Ciberseguridad: ataques y contramedidas
Universidad Rey Juan Carlos via Independent Reliable Cloud Infrastructure: Design and Process auf Deutsch
Google Cloud via Coursera Securing and Integrating Components of your Application 日本語版
Google Cloud via Coursera