#HITB2017AMS

ECMAScript is the standard used to implement JavaScript in browsers and script engines. As new features are added, new tools become available to manipulate browsers’ underlying native code leading to new and exciting bugs. This talk discusses some of the more interesting parts of the ECMAScript specification, and how they led to bugs in Microsoft’s Chakra JavaScript Engine. A keynote recommended for people who want to find more or better browser bugs!

===

Natalie Silvanovich is a security researcher on Google Project Zero. Her current focus is on script engines, understanding the subtleties of the scripting languages they implement and how they lead to vulnerabilities. She is a prolific finder of vulnerabilities in this area, reporting over a hundred vulnerabilities in Adobe Flash in the last year. Previously, she worked in mobile security, on the Android Security Team at Google and as a team lead of the Security Research Group at BlackBerry, where her work included finding security issues in mobile software and improving the security of mobile platforms. Outside of work, Natalie enjoys applying her hacking and reverse engineering skills to unusual targets, and has spoken at several conferences on the subject of Tamagotchi hacking. She is actively involved in hackerspaces and is a founding member of Kwartzlab Makerspace in Kitchener, Ontario, Canada.