C# in the Browser…what the…?

Tagged: , ,

This topic contains 0 replies, has 1 voice, and was last updated by  Michael J. Conway 1 year, 1 month ago.

  • Author
    Posts
  • #169314
     Michael J. Conway 
    Participant

    Was just reading the MS blog and came across a post talking about running C# in the browser in a manner similar to JavaScript. For whatever reason, that kind of scares me. C# is a high-level language that can and does call various system DLLs. MS does say that the C# would run in the same security sandbox as JavaScript but a quick Google shows that that is not full proof.

    C# takes advantage of advantage of the newest capabilities of browsers, WebAssembly (WASM). Back in March, the Spectre vulnerabilities hit the open web and they were able to be used to exploit systems by being compiled into JavaScript. They too took advantage of WASM. While I think this is a cool development and C# offers more advanced security, it can also open a whole new attack vector.

    I, for one, will be eagerly awaiting the day we start hearing about C# browser exploits.

    https://msdn.microsoft.com/magazine/mt829752?MC=MSAzure&MC=DevOps&MC=Vstudio&MC=Testing&MC=CSHARP
    https://react-etc.net/entry/web-security-exploits-c-to-javascript-webassembly

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?