Security-Centered Design

Security is more than filtering input and escaping output (FIEO), and it’s more than cross-site scripting (XSS) and cross-site request forgeries (CSRF). Security isn’t even always black and white. In order to create a more secure user experience, we need to understand how people think. Perception is as important as reality, and meeting user expectations is a fundamental of good security. In this multifarious talk, I’ll introduce some of what I have learned about cognitive psychology, exploring topics such as change blindness and ambient signifiers, and I’ll show some real-world examples that demonstrate the profound impact human behavior can have on security.

Usage Rights

CC Attribution-NonCommercial-NoDerivs License

Security-Centered Design Presentation Transcript

  • SECURITY-CENTERED DESIGN – Chris Shiflett, shiflett.org, @shiflett (Tuesday, February 21, 12)
  • STOP
  • STOP Collaborate & Listen
  • Who am I? Web craftsman from Brooklyn, NY, working on Mapalong and Brooklyn Beta from Studiomates.
  • TALK OUTLINE: Psychology Fun – Ambient Signifiers, Change Blindness; Authentication & Phishing – Password Anti-Pattern, OAuth, Facebook Connect; Examples – SmugMug Privacy, Facebook Worm, Twitter Don’t Click
  • AMBIENT SIGNIFIERS
  • Tokyo Subway
  • Tokyo Subway
  • Ambient Umbrella
  • Ambient SSL
  • Login Seals
  • CHANGE BLINDNESS
  • STOP
  • STOP Hammertime
  • DERREN BROWN
  • PASSWORD ANTI-PATTERN
  • OAUTH – http://shiflett.org/blog/2010/sep/twitter-oauth
  • FACEBOOK CONNECT
  • THE WEB IS NOT OBVIOUS
  • OPENID – http://openid.net/; OAUTH – http://oauth.net/; OPENID & OAUTH HYBRID – http://j.mp/openidoauth; SHARED RESPONSIBILITY – http://simonwillison.net/2009/Jul/16/responsibility/
  • SMUGMUG PRIVACY
  • Pave the cow paths. Accommodate users’ expectations and tendencies; don’t try to modify them.
  • Be Humble
  • FACEBOOK WORM
  • TWITTER DON’T CLICK
  • RELATED POSTS: Security and User Experience – http://shiflett.org/blog/2008/jan/security-and-user-experience; Ambient Signifiers – http://shiflett.org/blog/2007/feb/ambient-signifiers; Facebook Worm – http://shiflett.org/blog/2008/nov/facebook-worm; Twitter Don’t Click Exploit – http://shiflett.org/blog/2009/feb/twitter-dont-click-exploit
  • PHOTOS: Tree – http://flickr.com/photos/stuckincustoms/529110230; Cow path – http://flickr.com/photos/suda/672714986; My backyard – http://flickr.com/photos/shiflett/3261447115
  • FEEDBACK? Follow me on Twitter – @shiflett; Comment on my blog – shiflett.org; Email me – chris@shiflett.org