An Analysis of Modern Web Security Vulnerabilities Inside WebAssembly Applications
Lorenzo Corrias, Lorenzo Pisu, Davide Maiorca, Giorgio Giacinto

TL;DR
This paper analyzes security vulnerabilities in WebAssembly applications, demonstrating how binary flaws can compromise web security and proposing best practices for mitigation.
Contribution
It provides a detailed analysis of binary vulnerabilities in WASM, illustrating their impact on web security and offering mitigation strategies.
Findings
Binary vulnerabilities can lead to web security issues like SQL Injection and XS-Leaks.
WASM vulnerabilities can bypass common web security mechanisms.
The paper proposes best practices for secure WASM development.
Abstract
The growth in the adoption of the WebAssembly (WASM) standard has given rise to a rapidly increasing landscape of binary applications that are natively ported to the environment of websites. The flexibility of WASM has made it the preferred way to run fast and resource-heavy applications, replacing a field that JavaScript previously monopolized. Despite its success, researchers have raised concerns over the security implementations of WASM, demonstrating that binary vulnerabilities, such as Buffer Overflows and Use After Free, remain a present danger for WASM binaries. Our work aims to demonstrate that such vulnerabilities, when occurring on a WebAssembly module, can affect the behavior of a web application in unexpected ways, enabling an attacker to exploit vulnerabilities that are typical of the web security landscape. We provide several scenarios to provide examples of how each…
Taxonomy
Topics: Web Application Security Vulnerabilities · Security and Verification in Computing · Information and Cyber Security
