30.Sep.2009 at 14:43 by Dorea Hardy
Love the concept of Security-Centered design. The videos are a great way to showcase our ability to pay attention ... or lack thereof.
Chris Shiflett (29.Sep.2009)
Talk at CodeWorks 2009 (Atlanta) (English - US)
Security is more than filtering input and escaping output (FIEO). It's more than cross-site scripting (XSS) and cross-site request forgeries (CSRF). Security isn't even always black and white. In order to create a more secure user experience, we need to understand how people think. Perception can be as important as reality, and meeting user expectations is a fundamental of good security. In this multifarious talk, I'll introduce some of what I have learned about cognitive psychology, exploring topics such as change blindness and ambient signifiers, and I'll show some real-world examples that demonstrate the profound impact human behavior can have on security.
Quicklink: https://joind.in/749
30.Sep.2009 at 14:47 by Brian Moon
Good stuff. Some I had seen, some I had not. Chris is 10x the presenter I am. I wish I had his style.
30.Sep.2009 at 16:18 by Chuck Burgess
Interesting points to ponder when considering secure design and application decisions.
01.Oct.2009 at 15:23 by Errol Sayre
Glad Chris gave many their first introduction to ambient signifiers and change blindness. Also pleased that he covered user tendencies (which he called "cow paths") and unofficial/unwritten standards such as the implied meanings of words in a given context (specifically the SmugMug example). I was disappointed he didn't give PHP-specific principles as I had heard from him in webinars in the past, but I suppose that would be a different talk.
By far the most entertaining presentation.
30.Sep.2009 at 13:54 by Benjamin Young
Great psychology-focused presentation on security. It was good to hear about the more "ambient" and conceptual aspects of building secure systems. Left a lot of room for experimentation and exploration. Great photos and examples too.