Build Systems that Drive Business
June 11–12, 2018: Training
June 12–14, 2018: Tutorials & Conference
San Jose, CA

JavaScript, security, and the case for feature simplicity

10:25am–10:45am Wednesday, June 13, 2018
Location: Grand Ballroom 220
Average rating: ***..
(3.71, 7 ratings)

JavaScript engines are frequently targeted by malicious attackers, and dozens of vulnerabilities are reported in them every year. Most of these occur due to errors made while implementing well-specified features. Natalie Silvanovich discusses the link between feature complexity, developer error, and security vulnerabilities and the importance of considering implementation difficulty in design.

Photo of Natalie Silvanovich

Natalie Silvanovich

Google

Natalie Silvanovich is a security researcher for Google’s Project Zero. Her current focus is on script engines, particularly understanding the subtleties of the scripting languages they implement and how they lead to vulnerabilities. She is a prolific finder of vulnerabilities in this area, reporting over a hundred vulnerabilities in Adobe Flash in the last year. Previously, she worked in mobile security on the Android Security Team at Google and as a team lead of the Security Research Group at BlackBerry, where her work included finding security issues in mobile software and improving the security of mobile platforms. Outside of work, Natalie enjoys applying her hacking and reverse engineering skills to unusual targets and has spoken at several conferences on the subject of Tamagotchi hacking.