Explore the security implications of the Electron framework in desktop application development through this informative conference talk. Delve into how web developers transitioning to desktop environments often bring common web vulnerabilities, particularly XSS, into a context where they can have far more severe consequences. Examine the unique security challenges posed by Electron applications, including their expanded attack surface and potential for code execution from XSS vulnerabilities. Gain insights into the speaker's research, which has led to multiple CVE discoveries, and learn about possible attack vectors that developers may be unaware of. Witness live demonstrations of vulnerable Electron applications, showcasing how XSS can lead to full code execution in these non-sandboxed environments.
Overview
Syllabus
Silvia Väli - Only an Electron away from code execution
Taught by
NorthSec