Explore the dual nature of WebAssembly (WASM) security in this 21-minute conference talk from BSidesSF 2019. Dive into the evolution of WASM from JavaScript and asm.js, understanding its performance benefits and security model. Learn about the protective measures for users and developers, including sandboxed environments and primitives like type safety and control flow integrity. Examine the increasing use of WASM in malicious activities such as keyloggers, tech support scams, and sophisticated coin-mining scripts. Discover the challenges faced by web authors due to vulnerable WASM modules. Analyze both the malicious intent behind advanced WASM modules and the expanded attack surface created by exploitable modules. Gain insights into WASM examples, security features, attack techniques, and defensive measures through topics like EMC, Big Amount WASM, Key Lockers, Chi Miners, and Kryptonite Filter.