WebAssembly for security beyond the browser, with Jonathan Foote – Duo Tech Talk

WebAssembly is a promising new technology that aims to bring performant, safe, multi-language features to browsers and fundamentally shift the web away from a Javascript monoculture. The WebAssembly effort is largely driven by browser vendors (Mozilla, Google, Microsoft, et. al.) but it provides a sandboxing framework designed for use outside the browser as well.

Edge compute services, such as content delivery networks, mesh networks and edge cloud services, seek efficiency in engineering tradeoffs between performance, isolation, security and safety. WebAssembly has the potential to transform edge compute engineering by providing performant, secure execution of untrusted code in arbitrary applications.

In this talk Jonathan Foote will cover salient aspects of WebAssembly, sandboxing technology, and early progress in research and development towards a security-hardened, high-performance sandbox design for running untrusted code on the server.

Bio

Jonathan Foote is principal security architect at Fastly, a content delivery network (CDN) that many ubiquitous and high-profile organizations like GitHub, Pinterest, and The New York Times rely on for performance, reliability, and security of their web applications.

Previously, Jonathan attacked a range application and network environments as a penetration tester, performed security research at Carnegie Mellon University SEI/CERT, and engineered secure network communication systems for Fortune 100 companies. Jonathan holds a BS in Computer Science from Penn State and an MBA from Loyola University.

via Duo Security

About The Author
- Duo Security provides cloud-based two-factor authentication to thousands of organizations worldwide, including Facebook, Etsy, Random House, Paramount Pictures, Box, Toyota, Yelp, and Threadless. In as little as fifteen minutes, Duo Security’s innovative and easy-to-use technology can be deployed to protect users, data, and applications from breaches, credential theft and account takeover.

Tell us what you think...