Don’t Trust Anything! Real-world Uses For WebAssembly • Katie Bell • YOW! 2023

This presentation was recorded at YOW! Australia 2023. #GOTOcon #YOW Katie Bell - Freelance Software Developer and Creator of SplootCode RESOURCES ABSTRACT Let’s face it, we all use libraries written by strangers on the internet that we shouldn’t entirely trust. It’s not just that there could be malicious code but even a library with an accidental vulnerability can wreak havoc. You’ve probably heard of WebAssembly, but maybe you think of it as only relevant to browsers and front end development. It was created for browsers, but now WebAssembly is a battle-tested, fast, standardised, language-independent and cross-platform runtime. Most importantly, it was designed from the ground up to securely run untrusted code. This talk will go through how WebAssembly works with practical examples and explore case studies of real-world companies using WebAssembly to run code securely and efficiently. [...] TIMECODES 00:00 Intro 00:25 Untrusted code 14:23 WebAssembly 19:17 Sandboxing without using a separate process 24:10 WASI (WebAssembly System Interface) 29:48 Demo 34:03 WASI continued 34:50 Case study: Shopify functions 36:41 Case study: Mozilla Firefox 39:28 Security 41:49 Reminder: Security in depth 42:39 Where are we now? 45:50 When are you running untrusted code? 47:54 Outro Download slides and read the full abstract here: RECOMMENDED BOOKS Kevin Hoffman • Programming WebAssembly with Rust • Valerio De Sanctis • Building Web APIs with Core • Brian Sletten • WebAssembly: The Definitive Guide • Sendil Kumar Nellaiyapen • Practical WebAssembly • #WebAssembly #Wasm #WASI #WebAssemblySystemInterface #MozzillaFirefox #Shopify #KatieBell #SplootCode #YOWcon Looking for a unique learning experience? Attend the next GOTO conference near you! Get your ticket at Sign up for updates and specials at SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.