Electron Security Checklist: A guide for developers and auditors

June 30, 2017

Despite all predictions, native desktop applications are back. After years of porting standalone apps to the web, we are witnessing an inverse trend. Many companies have started providing native desktop software built using the same technologies as their web counterparts. In this trend, GitHub's Electron has become a popular framework for building cross-platform desktop apps with JavaScript, HTML, and CSS. While it seems easy, embedding a web application in a self-contained web environment (Chromium, Node.js) leads to new security challenges. This document introduces a checklist of security anti-patterns and must-have features to illustrate misconfigurations and vulnerabilities in Electron-based applications. Software developers and security auditors can benefit from this document, as it provides a concise yet comprehensive summary of potential weaknesses and implementation bugs when developing applications using Electron.

Spotlight

Three.

We want to make life easier for our customers by helping them get the most out of their mobile devices, offering real value from the services we provide and by removing the barriers that frustrate them. Since our launch in 2003, we have done things differently to other mobile operators. While others blocked internet services like Skype, we embraced the great things the internet brings to mobile. Our Feel At Home offer lets our customers call and text the UK and use data out of their UK allowance when abroad in a host of countries.

OTHER WHITEPAPERS

Who Owns Security in the Cloud?

whitePaper | September 27, 2022

Businesses once doubted the long-term benefits of moving their traditional, on-premises workloads to the cloud. But those doubts didn’t last long. The ROI of cloud migration was realized quickly and decisively. Businesses eagerly shifted their workloads to the cloud and realized the financial benefits of doing so. However, in the rush to the cloud, clarity on security — and who is responsible for it — is often lost.


Quantum Readiness Toolkit: Building a Quantum-Secure Economy

whitePaper | June 29, 2023

Accelerating developments in quantum computing pose new challenges to cybersecurity. The rise of quantum computers has the potential to compromise existing cryptographic systems, putting secure communications and data protection at risk. Organizations must adjust security practices and governance to address the quantum threat.


2022 Global Cybersecurity Awareness Training Study

whitePaper | August 31, 2022

The benefits of cybersecurity awareness training, particularly phishing simulations, have gained wide acceptance in business and the public sector.


Threat Connect Cyber Survey Report

whitePaper | January 4, 2022

Whether you are in financial services, farming, or public infrastructure, the security threat to organizations has never been greater. Today, almost every company is a technology company in some shape or form and this can be a soft underbelly - open to attack. Cyber risk is the fastest-growing risk faced by businesses globally. A wide range of statistics and sources make it clear that attackers have become even more proficient over recent years, using automation to exploit vulnerabilities at an accelerated pace and frequency. Threats are even more widespread and complex than before.


C2 Password Security White Paper

whitePaper | November 24, 2022

In recent years, the necessity to create and maintain dozens or hundreds of online accounts with logins and passwords has become more and more prominent, especially with remote work on the rise and internet usage at an all-time high. Nothing is more secure than making sure that every one of your accounts that you create is using a unique or randomly generated password, but where do you keep track of all of these passwords, and how can you ensure that your password security is up to par?


2023 Cloud Security Trends | Sponsored by AWS Marketplace

whitePaper | January 18, 2023

In the past few years, major cloud providers have been improving their security controls for customers and increasing visibility into their security solutions. Emerging trends such as endpoint detection and response and Zero Trust have focused the security community on the capabilities and services of both cloud and solution providers.

