Presentations
Templates
Features
Teams
Pricing
Log in
Sign up
Log in
Sign up
Menu
Security
by(e)
Design
Security
and
UX
: are they related at all?
How
security
experts break UX
DX: a melting pot of approaches
HoW
UX
experts break Security
ways to avoid both
What we'll talk about
@
benedek
gagyi
Where do
security
bugs
come from?
Specification
implementation
missing functionality
"bonus" features
security bugs happen when the system in
our head
doesn't match the one in the
real world
.
Where does
Bad User experience
come from?
form over function
incorrect assumptions
goals not aligned with user needs
Unpleasant UX happens whe the system in
our head
doesn't match the one in the
real world
.
Security is part of UX
Axiom:
How security experts break ux
Part I
"to autofill, or not to autofill, this is the question"
password manager pO-s
Security
vs
Developer experience
DX is UX
Axiom:
DEvelopers wearing 3 hats:
DX
Security
Implementation
crypto.subtle
dangerouslySetInnerHTML
the Devil in the
details
Complexity
"
You cannot break security if you do not
understand
a system better than the people who made the system
"
OAuth
“
So the answer to this question is: No,
never store a JWT in local storage
.
”
Storing tokens and XSS
1. oversimplification
2. attack surface
HTTPS
Cert management is a mess tho'
*
oauth
*
compliance
driven
development
Employee education
EMPLOYEE EXPERIENCE
(EX)
Who cares about security scan results?
GDPR
How UX experts break Security
Part II
Security
theater
"refers to security measures that make people
feel
more secure without doing anything to actually improve their security"
Forgot your password?
security
through text
user
education
is hard
user
Miseducation
is easy
reducing
friction
Solutions
Part III
communication
...duh
threat modelling
Developer
user research
paved roads concept
ensure that developers can build secure things by default
awareness
internal education
share your wins
post mortems /
war stories
Thank
you
Security by(e) Design?
By Benedek Gagyi
Made with Slides.com
Security by(e) Design?
564
Benedek Gagyi
Web dev.
BenedekGagyi
More from
Benedek Gagyi