Service Workers vs Corporate Firewalls

Explore the potential security implications of service workers in corporate environments through this 32-minute conference talk from Nullcon Goa 2022. Delve into Aleksandr Kolchanov's research on how service workers, designed to enhance web performance and offline functionality, can be exploited to bypass corporate firewalls with HTTP(S) traffic inspection. Gain insights into the unexpected interactions between these JavaScript assets and security measures, and understand the potential risks posed to network defenses. Learn about the methods and findings of this investigation, which examines the consequences of blocked websites leveraging service workers to circumvent access controls.