Security-Centered Design: Exploring the Impact of Human Behavior

Chris Shiflett (Feb 27, 2009)
Talk at PHP UK Conference 2009 (English - US)

Rating: 5 of 5

Security is more than filtering input and escaping output (FIEO), and it's more than cross-site scripting (XSS) and cross-site request forgeries (CSRF). Security isn't even always black and white. In order to create a more secure user experience, we need to understand how people think. Perception can be as important as reality, and meeting user expectations is a fundamental of good security. In this multifarious talk, I'll introduce some of what I have learned about cognitive psychology, exploring topics such as change blindness and ambient signifiers, and I'll show some real-world examples that demonstrate the profound impact human behavior can have on security.

 

Comments

Rating: 5 of 5

Feb 28, 2009, 08:19 by stefan

An excellent talk, giving insight into more than just technical PHP stuff, which I like a lot.

Rating: 4 of 5

Feb 28, 2009, 08:55 by tess

Great talk taking an interesting tangent from the usual technical viewpoint.

Rating: 5 of 5

Feb 28, 2009, 14:26 by stunami

Great talk and very entertaining. Was great to see a security talk that covered more than the usual topics. I will certainly be more aware from now on.

Rating: 5 of 5

Feb 28, 2009, 14:43 by akrabat

Great talk - glad to see a security talk that made me think about the wider context.

Rating: 5 of 5

Feb 28, 2009, 22:21 by NickBelhomme

Great talk, Chris has a certain calm over himself which is really inspiring and made the talk really enjoyable to watch. Also the way he does the coverage of the topic is great. Everything felt really natural and seemed to come from a vast knowledge on the topic. A++

Rating: 5 of 5

Feb 28, 2009, 22:45 by marcgear

This was a very professional presentation. The topic of how interaction design affects the security of an application offered some new and interesting perspectives. It was great to hear Chris discuss a topic he has become interested in recently; his excitement for the content was clear, and yet delivered in an understated way. Full of quick-witted humor and obvious intelligence. By far the best talk of the conference.

Rating: 5 of 5

Mar 1, 2009, 22:51 by Anonymous

This talk was Great, had all the right targets to get people thinking on everything and seemingly hanging on Chris' every word. Well Presented, Well performed, just Well Everything. Hopefully we will see more talks/presentations of this calibre at future conferences not only from Chris, but from other people as well.

Rating: 5 of 5

Mar 1, 2009, 22:52 by noginn

Not the usual security talk, which is what made it more interesting. It was the highlight of the conference for me.

Rating: 5 of 5

Mar 1, 2009, 23:39 by dotjay

A really interesting and engaging talk exploring security from a very human perspective, rather than concentrating on the usual technicalities. Lots of food for thought. Well done, Chris.

Rating: 5 of 5

Mar 2, 2009, 08:30 by lornajane

This isn't the first time I've seen this talk and I was still completely blown away by it. The ideas are so simple but powerful, and the presentation was impeccably well delivered.

Rating: 2 of 5

Mar 2, 2009, 15:38 by Anonymous

Great talk and good presentation. BUT, I was expecting more PHP related stuff. Like most other speakers in the PHP conference hardly talk about PHP and it is all general web stuff. I guess everyone has moved on from coding and all like to talk about general and not programming stuff in specific.
