MarkDoom: How I Hacked Every Major IDE in 2 Weeks

Explore the security vulnerabilities in popular Integrated Development Environments (IDEs) through this eye-opening conference talk from APPSEC Cali 2018. Delve into the world of "Desktop Web" applications, where embedded browsers are increasingly used to create user-friendly interfaces. Discover how Matt Austin, Director of Security Research at Contrast Security, uncovered arbitrary code execution vulnerabilities in major IDEs such as Visual Studio Code, GitHub Atom Editor, Sublime Text, Adobe Brackets Editor, and all JetBrains products. Learn about the intersection of web application and desktop security, understand the implementation flaws in these editors, and gain insights into safer development practices. This 40-minute presentation covers the research that led to 5 CVEs and significant bug bounties, highlighting the potential risks in the evolving landscape of desktop applications built with web technologies.