Questions tagged [web-assembly]

WebAssembly (or wasm) is a binary instruction format designed to run in a virtual machine in the browser.

6 questions

5 votes, 1 answer

Web Assembly Security

I'm excited about the prospects of web-assembly for the future, but I'm curious if this will have the same security ramifications of Java Applets. What are some of the reasons why web assembly is expected to be more secure than Java Applets? (Isn't…
JacKeown

4 votes, 1 answer

Does CORS interact with WebAssembly the same way it does with JavaScript?

Anyone in the WebAppSec world is familiar with CORS as a mechanism to specify policy for when JavaScript is allowed to make API calls to different domains. As WebAssembly ("Wasm" - a binary web language standardized in 2019; webassembly.org,…
Mike Ounsworth

3 votes, 2 answers

A runtime sometimes converts string arguments (or string returns) from WTF-16 to UTF-16 between functions in a call stack. Is this a security concern?

Suppose that we have this code (in TypeScript syntax): function one(str: string): string { // do something with the string return str } function two() { let s = getSomeString() // returns some unknown string that may contain surrogates s =…

3 votes, 1 answer

Can WebAssembly execution be disabled in browsers?

I've recently found out about this new technology, which recently became a World Wide Web Consortium recommendation and also that now almost all main browsers support it and it is enabled by default, see e.g. this. I was not able to find in e.g.…

0 votes, 0 answers

Need a cross-platform method of generating near truly random numbers

I have been working on an app that uses a combination of different encryption methods; some of them are libraries, and the most important ones are my own implementations. The app is cross-platform and is compiled natively on desktop (Linux,…

0 votes, 0 answers

Securing WebAssembly/WasmEdge - any 0-day exploits so far and devsecops pipeline targeted at WebAssembly?

I am looking to deploy WebAssembly at scale in production. Before I do so, I'd like to know if there are any 0-day exploits so far and if there is a devsecops tools pipeline specifically targeted at WebAssembly?
Nathan Aw