Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Electron: From Awesome To Scary And Back Again ...

FHV
July 20, 2018
Technology
0
390

Electron: From Awesome To Scary And Back Again (ScotlandJS)

Electron lets you use JS to write cross-platform desktop applications that look like the real deal -- that's kinda cool? But the thing ships with a million scary security warnings! So, what are some of the fun things you could do with it, how could they go wrong, and how do you make them safe?

FHV

July 20, 2018
Tweet

More Decks by FHV

See All by FHV
Intro to digital security
flohdot
1
76
A Beginner's Toolkit for Securing Web Apps
flohdot
0
63
Dipping your toes into web security
flohdot
0
59
Digital Harm Reduction by Floh & Cleve (Perverscité 2016)
flohdot
0
110
Intro to web security
flohdot
0
63
An intro to web security
flohdot
0
190
Intro to Riak at montreal.rb
flohdot
0
81

Other Decks in Technology

See All in Technology
10XにおけるData Contractの導入について: Data Contract事例共有会
10xinc
5
570
TypeScriptの次なる大進化なるか!? 条件型を返り値とする関数の型推論
uhyo
2
1.6k
AGIについてChatGPTに聞いてみた
blueb
0
130
【令和最新版】AWS Direct Connectと愉快なGWたちのおさらい
minorun365
PRO
5
750
インフラとバックエンドとフロントエンドをくまなく調べて遅いアプリを早くした件
tubone24
1
430
RubyのWebアプリケーションを50倍速くする方法 / How to Make a Ruby Web Application 50 Times Faster
hogelog
3
940
ドメインの本質を掴む / Get the essence of the domain
sinsoku
2
150
なぜ今 AI Agent なのか _近藤憲児
kenjikondobai
4
1.3k
Evangelismo técnico: ¿qué, cómo y por qué?
trishagee
0
350
データプロダクトの定義からはじめる、データコントラクト駆動なデータ基盤
chanyou0311
2
280
iOS/Androidで同じUI体験をネ イティブで作成する際に気をつ けたい落とし穴
fumiyasac0921
1
110
AWS Media Services 最新サービスアップデート 2024
eijikominami
0
190

Featured

See All Featured
Code Review Best Practice
trishagee
64
17k
Designing the Hi-DPI Web
ddemaree
280
34k
How GitHub (no longer) Works
holman
310
140k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
329
21k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
48k
Faster Mobile Websites
deanohume
305
30k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
370
XXLCSS - How to scale CSS and keep your sanity
sugarenia
246
1.3M
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
169
50k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
16
2.1k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
109
49k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
6.9k

Transcript

  1. Title

  2. Hi.

  3. Table of contents • The what and why of Electron

    • The Electron security model • How to Electron safely • Some optimism!

  4. What is it? Why is it?

  5. How does it work?

  6. Nodejs Chromium

  7. Code example with require()

  8. None

  9. The security model

  10. Browser sandbox

  11. Diagram of user space?

  12. None

  13. repeat: code example with require()

  14. XSS snippet

  15. None

  16. Scary nodejs xss possibilities

  17. None
  18. None

  19. How to Electron safely

  20. node_modules

  21. Npm audit

  22. Page loads from all over the place

  23. wysiwyg

  24. totally restrictive CSP

  25. CSP screenshot

  26. Electron updates are your friend

  27. Lots of eyes audit audit audit

  28. None
  29. None
  30. None

  31. Now for some optimism…

  32. None
  33. None

  34. the threat model of a desktop app

  35. None

  36. Conclusion

  37. resources

  38. Contact info

  39. None

  40. Hi.