Oct 14, 2010
Paul Theriault, Managing Consultant, stratsec, presents "Can You Trust Your Workers - Examining The Security Of Web Workers" at Hack In The Box, Kuala Lumpur.
The Web Worker specification brings thread-like behaviour to web pages, allowing web pages to run scripts in the background. The presentation proposes to examine the security of Web Workers in the following areas:
- The security implications of the Web Worker specification
- Compare the current implementations functionality and restrictions
- Discuss previous bugs and look at potential future issues
- Testing the segregation of the Worker sandbox
One of the key security features of the Web Worker is the segregation from the context of the calling page. At a glance these properties make the web worker a natural sandbox for running untrusted code. But how safe is it to run untrusted code in this manner – can you trust your Workers?
Download presentation: stratsec - HITB 2010 - Can You Trust Your Workers.pdf