YoVDO

WebAssembly - A New World of Native Exploits on the Browser

Offered By: Black Hat via YouTube

Tags

Black Hat Courses WebAssembly Courses Cross-Site Scripting (XSS) Courses Buffer Overflow Courses Integer Overflow Courses

Course Description

Overview

Explore WebAssembly's security implications in this 45-minute Black Hat conference talk. Gain a basic understanding of WebAssembly and examine potential security risks for developers. Delve into WebAssembly's low-level semantics, including the Javascript API, linear memory model, and function pointer tables. Learn about linear memory, function tables, Wasm in the browser, Inscript, integer overflows, buffer overflows, existing bugs, and XSS vulnerabilities. Discover preventive measures, the WebAssembly design specification, and the WebAssembly optimizer. Presented by Justin Engler and Tyler Lukasiewicz, this talk offers valuable insights for developers and security professionals working with WebAssembly in browser environments.

Syllabus

Introduction
Linear Memory
Function Tables
Wasm in the Browser
Inscript
Integer Overflows
Buffer Overflows
Existing Bugs
XSS
What can we do
WebAssembly design specification
WebAssembly optimizer


Taught by

Black Hat

Related Courses

Attack on Titan M, Reloaded - Vulnerability Research on a Modern Security Chip
Black Hat via YouTube
Attacks From a New Front Door in 4G & 5G Mobile Networks
Black Hat via YouTube
AAD Joined Machines - The New Lateral Movement
Black Hat via YouTube
Better Privacy Through Offense - How to Build a Privacy Red Team
Black Hat via YouTube
Whip the Whisperer - Simulating Side Channel Leakage
Black Hat via YouTube